Red Hat Security Advisory 2016-2046-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.
7056bf07b2e27a71e6bef5675f05761c70a99be39c2768af9f8c620a2a364046HP Security Bulletin HPSBUX03561 1 - Potential security vulnerabilities has been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create Denial of Service (DoS), access restriction bypass, unauthorized read access to files, arbitrary code execution, and execution of arbitrary code with privilege elevation. Revision 1 of this advisory.
b5ecc5252638e66ff1f2f7a910bebebcd847eea2f66b38f774d1ef2569c89a5aDebian Linux Security Advisory 3530-1 - Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.
77795095ecabfbe0b7faeebcf56310cbe664e59cc59399f4ca8042fe47af5751Red Hat Security Advisory 2016-0492-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. Previously, using a New I/O connector in the Apache Tomcat 6 servlet resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs.
986c615e343a02a31239053dbcc2ca4ace64881603b3079b68d4cc77891cc485Debian Linux Security Advisory 3447-1 - It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.
27b922fd554a14b43ed9a8a5ebd539e704041fdb338081053b1978be139059aeDebian Linux Security Advisory 3428-1 - It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.
05a92bea4eddaa1806339aa6b8cea68aa995c5eecc0131cb0b84720f02ffb2e6Red Hat Security Advisory 2015-1622-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
13aec45125ba2969c607d511dc60176807f4dd755f549de21a54c10c4a03756cRed Hat Security Advisory 2015-1621-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
425d743b5848d796f3e0f97ec11e567d3afb6a59c35e2b4055b74bc5e70515d9Ubuntu Security Notice 2654-1 - It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
a174f8e325d9828914e2df7525e1cae37224c8bc3844309db620b32444e9b830Ubuntu Security Notice 2655-1 - It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Various other issues were also addressed.
b61abbda1322386d4a63d2565e2c7fe0a6030b7c311aa23adfc1d91d678321b9Malicious web applications could use expression language to bypass the protections of a Security Manager as expressions were evaluated within a privileged code section. This issue only affects installations that run web applications from untrusted sources. Apache Tomcat versions 8.0.0-RC1 to 8.0.15, 7.0.0 to 7.0.57, and 6.0.0 to 6.0.43 are affected.
ae7ea53034ada919480d439f340f0f86e63c7361e273e4d38ea3034409f7672b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed