Amazon Linux AMI update for tomcat7, tomcat8



Published: 2017-04-20
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2017-5647
CVE-2017-5648
CWE-ID CWE-200
CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU6674

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5647

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. A remote attacker can cause responses to appear to be sent for the wrong request.

Mitigation

Update the affected packages:

noarch:
    tomcat7-servlet-3.0-api-7.0.77-1.26.amzn1.noarch
    tomcat7-lib-7.0.77-1.26.amzn1.noarch
    tomcat7-el-2.2-api-7.0.77-1.26.amzn1.noarch
    tomcat7-jsp-2.2-api-7.0.77-1.26.amzn1.noarch
    tomcat7-log4j-7.0.77-1.26.amzn1.noarch
    tomcat7-7.0.77-1.26.amzn1.noarch
    tomcat7-javadoc-7.0.77-1.26.amzn1.noarch
    tomcat7-webapps-7.0.77-1.26.amzn1.noarch
    tomcat7-admin-webapps-7.0.77-1.26.amzn1.noarch
    tomcat7-docs-webapp-7.0.77-1.26.amzn1.noarch
    tomcat8-8.0.43-1.70.amzn1.noarch
    tomcat8-servlet-3.1-api-8.0.43-1.70.amzn1.noarch
    tomcat8-el-3.0-api-8.0.43-1.70.amzn1.noarch
    tomcat8-webapps-8.0.43-1.70.amzn1.noarch
    tomcat8-docs-webapp-8.0.43-1.70.amzn1.noarch
    tomcat8-javadoc-8.0.43-1.70.amzn1.noarch
    tomcat8-jsp-2.3-api-8.0.43-1.70.amzn1.noarch
    tomcat8-log4j-8.0.43-1.70.amzn1.noarch
    tomcat8-admin-webapps-8.0.43-1.70.amzn1.noarch
    tomcat8-lib-8.0.43-1.70.amzn1.noarch

src:
    tomcat7-7.0.77-1.26.amzn1.src
    tomcat8-8.0.43-1.70.amzn1.src

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-822.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU6675

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5648

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to the failure to use the appropriate facade object by certain application listener calls. A remote attacker can access and modify arbitrary data.

Mitigation

Update the affected packages:

noarch:
    tomcat7-servlet-3.0-api-7.0.77-1.26.amzn1.noarch
    tomcat7-lib-7.0.77-1.26.amzn1.noarch
    tomcat7-el-2.2-api-7.0.77-1.26.amzn1.noarch
    tomcat7-jsp-2.2-api-7.0.77-1.26.amzn1.noarch
    tomcat7-log4j-7.0.77-1.26.amzn1.noarch
    tomcat7-7.0.77-1.26.amzn1.noarch
    tomcat7-javadoc-7.0.77-1.26.amzn1.noarch
    tomcat7-webapps-7.0.77-1.26.amzn1.noarch
    tomcat7-admin-webapps-7.0.77-1.26.amzn1.noarch
    tomcat7-docs-webapp-7.0.77-1.26.amzn1.noarch
    tomcat8-8.0.43-1.70.amzn1.noarch
    tomcat8-servlet-3.1-api-8.0.43-1.70.amzn1.noarch
    tomcat8-el-3.0-api-8.0.43-1.70.amzn1.noarch
    tomcat8-webapps-8.0.43-1.70.amzn1.noarch
    tomcat8-docs-webapp-8.0.43-1.70.amzn1.noarch
    tomcat8-javadoc-8.0.43-1.70.amzn1.noarch
    tomcat8-jsp-2.3-api-8.0.43-1.70.amzn1.noarch
    tomcat8-log4j-8.0.43-1.70.amzn1.noarch
    tomcat8-admin-webapps-8.0.43-1.70.amzn1.noarch
    tomcat8-lib-8.0.43-1.70.amzn1.noarch

src:
    tomcat7-7.0.77-1.26.amzn1.src
    tomcat8-8.0.43-1.70.amzn1.src

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-822.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###