SB2013060102 - Multiple vulnerabilities in Apache Tomcat
Published: June 1, 2013 Updated: February 5, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-5885)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass intended access restrictions.
The vulnerability exists due to replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values. A remote attacker can bypass intended access restrictions by sniffing the network for valid requests
2) Input validation error (CVE-ID: CVE-2012-3544)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack by streaming data.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=136612293908376&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0623.html
- http://rhn.redhat.com/errata/RHSA-2013-0629.html
- http://rhn.redhat.com/errata/RHSA-2013-0631.html
- http://rhn.redhat.com/errata/RHSA-2013-0632.html
- http://rhn.redhat.com/errata/RHSA-2013-0633.html
- http://rhn.redhat.com/errata/RHSA-2013-0640.html
- http://rhn.redhat.com/errata/RHSA-2013-0647.html
- http://rhn.redhat.com/errata/RHSA-2013-0648.html
- http://rhn.redhat.com/errata/RHSA-2013-0726.html
- http://secunia.com/advisories/51371
- http://svn.apache.org/viewvc?view=revision&revision=1377807
- http://svn.apache.org/viewvc?view=revision&revision=1380829
- http://svn.apache.org/viewvc?view=revision&revision=1392248
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://www.securityfocus.com/bid/56403
- http://www.ubuntu.com/usn/USN-1637-1
- http://www-01.ibm.com/support/docview.wss?uid=swg21626891
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80408
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19432
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592&r2=1476591&pathrev=1476592
- http://svn.apache.org/viewvc?view=revision&revision=1378702
- http://svn.apache.org/viewvc?view=revision&revision=1378921
- http://svn.apache.org/viewvc?view=revision&revision=1476592
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/59797
- http://www.securityfocus.com/bid/64758
- http://www.ubuntu.com/usn/USN-1841-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html