Amazon Linux AMI update for tomcat7

1) Infinite loop

EUVDB-ID: #VU5233

Risk: Medium

CVSSv3.1: 8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2014-0050

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to boundary error when handling Content-Type HTTP header for multipart requests. By sending a specially crafted Content-Type header, containing 4092 characters in "boundary" field, a remote attacker can cause the application to enter into an infinite loop.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Update the affected packages.

noarch:
    tomcat7-docs-webapp-7.0.47-1.38.amzn1.noarch
    tomcat7-7.0.47-1.38.amzn1.noarch
    tomcat7-lib-7.0.47-1.38.amzn1.noarch
    tomcat7-webapps-7.0.47-1.38.amzn1.noarch
    tomcat7-el-2.2-api-7.0.47-1.38.amzn1.noarch
    tomcat7-javadoc-7.0.47-1.38.amzn1.noarch
    tomcat7-jsp-2.2-api-7.0.47-1.38.amzn1.noarch
    tomcat7-admin-webapps-7.0.47-1.38.amzn1.noarch
    tomcat7-servlet-3.0-api-7.0.47-1.38.amzn1.noarch

src:
    tomcat7-7.0.47-1.38.amzn1.src

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2014-312.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.