exploit the possibilities

Mandriva Linux Security Advisory 2015-053

Mandriva Linux Security Advisory 2015-053
Posted Mar 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-053 - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service via a malformed chunk size in chunked transfer coding of a request during the streaming of data. java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. Various other issues have also been addressed.

tags | advisory, java, remote, web, denial of service, overflow, arbitrary, xxe
systems | linux, mandriva
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227
MD5 | 4fee90ad2412473f904b3b092027885a

Mandriva Linux Security Advisory 2015-053

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:053
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : tomcat6
Date : March 3, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated tomcat6 packages fix security vulnerabilities:

Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote
attackers to cause a denial of service (resource consumption) via a
malformed chunk size in chunked transfer coding of a request during
the streaming of data (CVE-2014-0075).

java/org/apache/catalina/servlets/DefaultServlet.java in the default
servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not
properly restrict XSLT stylesheets, which allows remote attackers
to bypass security-manager restrictions and read arbitrary files
via a crafted web application that provides an XML external entity
declaration in conjunction with an entity reference, related to an
XML External Entity (XXE) issue (CVE-2014-0096).

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in
Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated
behind a reverse proxy, allows remote attackers to conduct HTTP
request smuggling attacks via a crafted Content-Length HTTP header
(CVE-2014-0099).

Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly
constrain the class loader that accesses the XML parser used with
an XSLT stylesheet, which allows remote attackers to read arbitrary
files via a crafted web application that provides an XML external
entity declaration in conjunction with an entity reference, related
to an XML External Entity (XXE) issue, or read files associated with
different web applications on a single Tomcat instance via a crafted
web application (CVE-2014-0119).

In Apache Tomcat 6.x before 6.0.55, it was possible to craft a
malformed chunk as part of a chunked request that caused Tomcat to
read part of the request body as a new request (CVE-2014-0227).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
http://advisories.mageia.org/MGASA-2014-0268.html
http://advisories.mageia.org/MGASA-2015-0081.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
1e8a7ceba7befde2cc00e4692edbb2c4 mbs1/x86_64/tomcat6-6.0.43-1.mbs1.noarch.rpm
06f517754e9d043a05a465bfbc9511d9 mbs1/x86_64/tomcat6-admin-webapps-6.0.43-1.mbs1.noarch.rpm
12662943e4b7474eaeb884414c1542a3 mbs1/x86_64/tomcat6-docs-webapp-6.0.43-1.mbs1.noarch.rpm
0e93126df244648f82045ef4380d4680 mbs1/x86_64/tomcat6-el-2.1-api-6.0.43-1.mbs1.noarch.rpm
f9856715fa849af74d5a4a6893111572 mbs1/x86_64/tomcat6-javadoc-6.0.43-1.mbs1.noarch.rpm
df7e1851bec9805d843197db0f8fda41 mbs1/x86_64/tomcat6-jsp-2.1-api-6.0.43-1.mbs1.noarch.rpm
ed5b6f2cd6884b92613997b6dfd77cb7 mbs1/x86_64/tomcat6-lib-6.0.43-1.mbs1.noarch.rpm
a273b8f736fd13fb066a6d7052eea925 mbs1/x86_64/tomcat6-servlet-2.5-api-6.0.43-1.mbs1.noarch.rpm
127d1d1ecf7b6be75ac9f306f66f08fd mbs1/x86_64/tomcat6-systemv-6.0.43-1.mbs1.noarch.rpm
955d38f8c9dade3438dd254fe1778075 mbs1/x86_64/tomcat6-webapps-6.0.43-1.mbs1.noarch.rpm
816110f95d3ee2f6347c9c057695d6d0 mbs1/SRPMS/tomcat6-6.0.43-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFU9XyKmqjQ0CJFipgRAvukAKCI1DXuj5eJr1SVaNIoXhz9PUilpQCg0l4c
77X/s+2Ee3FYUp9lZWBmLRg=
=pm31
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close