Multiple vulnerabilities in HP OpenVMS CSWS_JAVA running Tomcat
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2013-4286 CVE-2013-4322 CVE-2013-4444 CVE-2013-4590 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0230 CVE-2014-0227 |
| CWE-ID | CWE-20 CWE-94 CWE-200 CWE-190 CWE-264 CWE-399 CWE-444 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
OpenVMS CSWS_Java Other software / Other software solutions |
| Vendor | HPE |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU64542
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4286
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a request-smuggling attack.
The vulnerability exists due to HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers. A remote attacker can trigger incorrect identification of a request's length and conduct request-smuggling attacks via multiple Content-Length headers or a Content-Length header and a "Transfer-Encoding: chunked" header.
This vulnerability exists because of an incomplete fix for CVE-2005-2090.
Install update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU64543
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4322
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Tomcat processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field. A remote attacker can cause a denial of service by streaming data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Code Injection
EUVDB-ID: #VU64544
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4444
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing outdated java.io.File code and a custom JMX configuration. A remote attacker can execute arbitrary code by uploading and accessing a JSP file.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU64545
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4590
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU64548
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0075
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat. A remote attacker can cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64550
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0096
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat does not properly restrict XSLT stylesheets. A remote attacker can bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU64554
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0099
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a HTTP request smuggling attack.
The vulnerability exists due to integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat when operated behind a reverse proxy. A remote attacker can conduct HTTP request smuggling attack via a crafted Content-Length HTTP header.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64553
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0119
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to Apache Tomcat does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet. A remote attacker can read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU64581
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0230
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Tomcat does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body. A remote attacker can cause a denial of service (thread consumption) via a series of aborted upload attempts.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU64555
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0227
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a HTTP request smuggling attack.
The vulnerability exists due to java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat does not properly handle attempts to continue reading data after an error has occurred. A remote attacker can conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
MitigationInstall update from vendor's website.
Vulnerable software versionsOpenVMS CSWS_Java: 7.0.29
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c04851013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
