Tomcat versions 7.0.0 through 7.0.18, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet, and deployed web applications may use it directly by setting request attributes. These request attributes were not validated.
Red Hat Security Advisory 2012-0075-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
Red Hat Security Advisory 2012-0077-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".
Red Hat Security Advisory 2012-0076-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".
Secunia Security Advisory - Oracle has acknowledged a weakness, a security issue and two vulnerabilities in Apache Tomcat included in Solaris, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Secunia Security Advisory - SUSE has issued an update for tomcat6. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Apache Tomcat versions 7.0.0 through 7.0.22, 6.0.0 through 6.0.33 and 5.5.0 through 5.5.34 suffer from a denial of service vulnerability. Analysis of the recent hash collision vulnerability identified unrelated inefficiencies in Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used, which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.
Apache Tomcat versions 7.0.0 through 7.0.21 and 6.0.30 through 6.0.33 suffer from an information disclosure vulnerability. For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that need to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled again before being used for the next request. That led to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request.
Secunia Security Advisory - A security issue has been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Red Hat has issued an update for tomcat5. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and disclose sensitive information and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
Red Hat Security Advisory 2011-1845-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. A cross-site scripting flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages.
Secunia Security Advisory - Red Hat has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, or cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Red Hat Security Advisory 2011-1780-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Red Hat Enterprise Linux 6. This update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product. Such a configuration is not supported by Red Hat, however.
HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
Secunia Security Advisory - HP has issued an update for Tomcat Servlet Engine in HP-UX. This fixes some weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).
Secunia Security Advisory - A security issue has been reported in Apache Tomcat, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, or cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Apache Tomcat included in Solaris, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
Apache Tomcat versions 7.0.0 through 7.0.21 suffer from a privilege escalation vulnerability.
Ubuntu Security Notice 1252-1 - It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX user creation. A local attacker could possibly use this flaw to obtain sensitive information. This issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. Various other issues were also addressed.
Secunia Security Advisory - Fedora has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, conduct cross-site scripting attacks, and cause a DoS (Denial of Service).
Mandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities have been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.
Secunia Security Advisory - SUSE has issued an update for tomcat6. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Secunia Security Advisory - SUSE has issued an update for tomcat5. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Apache Tomcat suffers from multiple weaknesses in its HTTP Digest authentication implementation, including susceptibility to replay attacks and a lack of value checking, among others. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.