Main Vulnerability Database SB2021110320

SB2021110320 - SUSE update for tomcat

Published: November 3, 2021

Security Bulletin ID SB2021110320

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2021-30640)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the JNDI Realm when processing authentication requests. A remote attacker can authenticate using variations of a valid user name and bypass some of the protection provided by the LockOut Realm.

2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2021-33037)

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests, related to processing of transfer encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

3) Infinite loop (CVE-ID: CVE-2021-41079)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing certain TLS packets. A remote attacker can send a specially crafted packet to the application, consume all available system resources and cause denial of service conditions.

Successful exploitation of vulnerability requires that Apache Tomcat is configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-20213602-1/

Vulnerable Software

SUSE OpenStack Cloud Crowbar: 9
SUSE OpenStack Cloud: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP4-LTSS, 12-SP5
javapackages-tools: before 2.0.1-13.1
tomcat: before 9.0.36-3.71.1
tomcat-admin-webapps: before 9.0.36-3.71.1
tomcat-docs-webapp: before 9.0.36-3.71.1
tomcat-el-3_0-api: before 9.0.36-3.71.1
tomcat-javadoc: before 9.0.36-3.71.1
tomcat-jsp-2_3-api: before 9.0.36-3.71.1
tomcat-lib: before 9.0.36-3.71.1
tomcat-servlet-4_0-api: before 9.0.36-3.71.1
tomcat-webapps: before 9.0.36-3.71.1

SB2021110320 - SUSE update for tomcat

Breakdown by Severity

Description

Remediation

References

Please verify you're human