The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Apache Tomcat: several vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Apache Tomcat in order to generate a denial of service or to obtain information.
Vulnerable systems: Tomcat, BES, Debian, Fedora, Performance Center, HP-UX, JBoss AS OpenSource, NSM Central Manager, NSMXpress, Mandriva Linux, OpenSolaris, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity of this threat: 2/4.
Consequences of a hack: data reading, denial of service on the service.
Attacker's origin: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 04/06/2009.
Revisions dates: 09/06/2009, 10/06/2010.
References of this weakness: 263529, 6848375, 6849727, BID-35193, BID-35196, BID-35263, BID-35416, c01908935, c02181353, c02515878, CERTA-2009-AVI-211, CERTA-2010-AVI-220, CERTA-2011-AVI-169, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0783, DSA-2207-1, FEDORA-2009-11352, FEDORA-2009-11356, FEDORA-2009-11374, HPSBMA02535, HPSBUX02466, HPSBUX02579, KB25966, MDVSA-2009:136, MDVSA-2009:138, MDVSA-2009:163, MDVSA-2010:176, PSN-2012-05-584, RHSA-2009:1143-01, RHSA-2009:1144-01, RHSA-2009:1145-01, RHSA-2009:1146-01, RHSA-2009:1164-01, RHSA-2009:1454-01, RHSA-2009:1506-01, RHSA-2009:1562-01, RHSA-2009:1563-01, RHSA-2009:1616-01, RHSA-2009:1617-01, RHSA-2010:0602-02, SSRT090192, SSRT100029, SSRT100203, SUSE-SR:2009:012, SUSE-SR:2010:008, VIGILANCE-VUL-8762, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5.
Description of the vulnerability
Several vulnerabilities were announced in Apache Tomcat.
An attacker can use invalid headers in order to close the AJP connection. [severity:2/4; BID-35193, CVE-2009-0033]
When form authentication (j_security_check) is configured with MemoryRealm, DataSourceRealm or JDBCRealm, an attacker can submit a password with invalid URL encoding. He can then detect whether a username is valid, because the error behaviour differs depending on whether the username exists. [severity:2/4; BID-35196, CVE-2009-0580]
A web application can replace the XML parser, and thus access the web.xml/context.xml file of another application. [severity:1/4; BID-35416, CVE-2009-0783]
The URL path is unnecessarily canonicalized in ApplicationHttpRequest.java, and the query string is normalized together with the path. For example, the URL "http://s/dir1/dir2?/../" is converted to "http://s/dir1/". [severity:2/4; BID-35263, CERTA-2009-AVI-211, CERTA-2010-AVI-220, CVE-2008-5515]
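The canonicalization flaw just described, as an added illustration that is not Tomcat's own code: a small Python model of normalizing the full request URI (query string included) beside the corrected handling, which splits the query off first and rejects paths that climb above the root. The function names normalize_path, flawed_canonicalize and fixed_canonicalize are chosen here for the illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def normalize_path(path: str):
    """Resolve '.' and '..' segments in a URL path.

    Returns the normalized path, or None if a '..' would climb above the
    root (a traversal the caller must refuse rather than silently clamp).
    """
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not out:
                return None  # would escape the root
            out.pop()
        else:
            out.append(seg)
    result = "/" + "/".join(out)
    # Keep a trailing slash so "/dir1/dir2/" still names a directory.
    if path.endswith("/") and result != "/":
        result += "/"
    return result


def flawed_canonicalize(url: str):
    """Models the bulletin's pre-fix behaviour (not Tomcat's code).

    The query string is glued onto the path before normalization, so a
    "../" placed in the query walks up the path component.
    """
    u = urlsplit(url)
    merged = u.path + ("?" + u.query if u.query else "")
    norm = normalize_path(merged)
    if norm is None:
        return None
    # The query has been consumed by normalization and is lost.
    return urlunsplit((u.scheme, u.netloc, norm, "", ""))


def fixed_canonicalize(url: str):
    """Corrected handling: only the path is normalized; the query is kept."""
    u = urlsplit(url)
    norm = normalize_path(u.path)
    if norm is None:
        return None  # reject traversal above the root
    return urlunsplit((u.scheme, u.netloc, norm, u.query, ""))
```

Running the bulletin's own sample URL through both functions shows the path "/dir1/dir2" collapsing to "/dir1/" in the flawed version, while the fixed version leaves the path intact and preserves the query.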
Computer vulnerabilities tracking service
Vigil@nce provides a computer vulnerabilities database. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce computer vulnerability tracking service alerts your teams to vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.