SUSE update for tomcat
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2023-41080 CVE-2023-42795 CVE-2023-45648 |
| CWE-ID | CWE-601 CWE-399 CWE-444 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP1 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE CaaS Platform Operating systems & Components / Operating system tomcat-lib Operating systems & Components / Operating system package or component tomcat Operating systems & Components / Operating system package or component tomcat-jsp-2_3-api Operating systems & Components / Operating system package or component tomcat-webapps Operating systems & Components / Operating system package or component tomcat-admin-webapps Operating systems & Components / Operating system package or component tomcat-servlet-4_0-api Operating systems & Components / Operating system package or component tomcat-el-3_0-api Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Open redirect
EUVDB-ID: #VU80089
Risk: Medium
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-41080
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data, if the ROOT (default) web application is configured to use FORM authentication. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationUpdate the affected package tomcat to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP1
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server 15: SP1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15: SP1
SUSE CaaS Platform: 4.0
tomcat-lib: before 9.0.36-150100.4.98.1
tomcat: before 9.0.36-150100.4.98.1
tomcat-jsp-2_3-api: before 9.0.36-150100.4.98.1
tomcat-webapps: before 9.0.36-150100.4.98.1
tomcat-admin-webapps: before 9.0.36-150100.4.98.1
tomcat-servlet-4_0-api: before 9.0.36-150100.4.98.1
tomcat-el-3_0-api: before 9.0.36-150100.4.98.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:suse:tomcat-lib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-jsp-2_3-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-webapps:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-admin-webapps:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-servlet-4_0-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-el-3_0-api:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20234423-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Resource management error
EUVDB-ID: #VU81800
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-42795
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the application when recycling various internal objects. A remote attacker can force Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.
Update the affected package tomcat to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP1
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server 15: SP1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15: SP1
SUSE CaaS Platform: 4.0
tomcat-lib: before 9.0.36-150100.4.98.1
tomcat: before 9.0.36-150100.4.98.1
tomcat-jsp-2_3-api: before 9.0.36-150100.4.98.1
tomcat-webapps: before 9.0.36-150100.4.98.1
tomcat-admin-webapps: before 9.0.36-150100.4.98.1
tomcat-servlet-4_0-api: before 9.0.36-150100.4.98.1
tomcat-el-3_0-api: before 9.0.36-150100.4.98.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:suse:tomcat-lib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-jsp-2_3-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-webapps:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-admin-webapps:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-servlet-4_0-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-el-3_0-api:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20234423-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU81799
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-45648
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation when parsing HTTP trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationUpdate the affected package tomcat to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 15: SP1
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server 15: SP1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15: SP1
SUSE CaaS Platform: 4.0
tomcat-lib: before 9.0.36-150100.4.98.1
tomcat: before 9.0.36-150100.4.98.1
tomcat-jsp-2_3-api: before 9.0.36-150100.4.98.1
tomcat-webapps: before 9.0.36-150100.4.98.1
tomcat-admin-webapps: before 9.0.36-150100.4.98.1
tomcat-servlet-4_0-api: before 9.0.36-150100.4.98.1
tomcat-el-3_0-api: before 9.0.36-150100.4.98.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:suse:tomcat-lib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-jsp-2_3-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-webapps:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-admin-webapps:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-servlet-4_0-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:tomcat-el-3_0-api:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20234423-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
