Vulnerabilities > CVE-2011-2204 - Information Exposure vulnerability in Apache Tomcat
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0680.NASL description Updated tomcat5 packages that fix multiple security issues and two bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133. It also resolves the following security issues : Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application last seen 2020-06-01 modified 2020-06-02 plugin id 78924 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78924 title RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680) NASL family Fedora Local Security Checks NASL id FEDORA_2011-13456.NASL description Fix for CVE-2011-3190 This release is the first using a systemd unit file. SystemV files are packaged separately. During this transition users may experience this error: last seen 2020-06-01 modified 2020-06-02 plugin id 56572 published 2011-10-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56572 title Fedora 15 : tomcat6-6.0.32-8.fc15 (2011-13456) NASL family SuSE Local Security Checks NASL id SUSE_11_3_TOMCAT6-110815.NASL description The following security issues were fixed in tomcat : - Fixed a tomcat user password information leak (CVE-2011-2204) - Fixed atomcat information leak and DoS (CVE-2011-2526) Also one bug was fixed : - fix bnc#702289 - suse manager pam ldap authentication fails - source CATALINA_HOME/bin/setenv.sh if exists last seen 2020-06-01 modified 2020-06-02 plugin id 75762 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75762 title openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1845.NASL description Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that web applications could modify the location of the Tomcat host last seen 2020-06-01 modified 2020-06-02 plugin id 57356 published 2011-12-21 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57356 title RHEL 5 : tomcat5 (RHSA-2011:1845) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-24.NASL description The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59677 published 2012-06-25 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59677 title GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-13426.NASL description Fix for CVE-2011-3190 This release is the first using a systemd unit file. SystemV files are packaged separately. During this transition users may experience this error: last seen 2020-06-01 modified 2020-06-02 plugin id 56537 published 2011-10-19 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56537 title Fedora 16 : tomcat6-6.0.32-17.fc16 (2011-13426) NASL family Fedora Local Security Checks NASL id FEDORA_2011-13457.NASL description Fixes for: CVE-2011-3190 - authentication bypass and information disclosure CVE-2011-2526 - send file validation CVE-2011-2204 - password disclosure vulnerability JAVA_HOME setting in tomcat6.conf CVE-2011-0534, CVE-2011-0013, CVE-2010-3718 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56573 published 2011-10-21 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56573 title Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2011-25.NASL description Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. last seen 2020-06-01 modified 2020-06-02 plugin id 69584 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69584 title Amazon Linux AMI : tomcat6 (ALAS-2011-25) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1780.NASL description Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Red Hat Enterprise Linux 6. This update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product. Such a configuration is not supported by Red Hat, however. Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application last seen 2020-06-01 modified 2020-06-02 plugin id 57023 published 2011-12-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57023 title RHEL 6 : tomcat6 (RHSA-2011:1780) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0682.NASL description Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues : Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application last seen 2020-06-01 modified 2020-06-02 plugin id 78925 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78925 title RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682) NASL family SuSE Local Security Checks NASL id SUSE_TOMCAT5-7689.NASL description The following security issues were fixed in tomcat : - Fixed a tomcat user password information leak. (CVE-2011-2204) - Fixed a tomcat information leak and DoS (CVE-2011-2526) last seen 2020-06-01 modified 2020-06-02 plugin id 57255 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57255 title SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7689) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-156.NASL description Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x : The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses (CVE-2011-1184). Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file (CVE-2011-2204). Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application (CVE-2011-2526). Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request (CVE-2011-3190). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56551 published 2011-10-19 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56551 title Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156) NASL family Scientific Linux Local Security Checks NASL id SL_20111205_TOMCAT6_ON_SL6.NASL description Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Scientific Linux 6. This update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product. Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application last seen 2020-06-01 modified 2020-06-02 plugin id 61184 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61184 title Scientific Linux Security Update : tomcat6 on SL6.x NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-1780.NASL description Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Red Hat Enterprise Linux 6. This update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product. Such a configuration is not supported by Red Hat, however. Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application last seen 2020-06-01 modified 2020-06-02 plugin id 57374 published 2011-12-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57374 title CentOS 6 : tomcat6 (CESA-2011:1780) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2012-001.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 57798 published 2012-02-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57798 title Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST) NASL family Scientific Linux Local Security Checks NASL id SL_20111220_TOMCAT5_ON_SL5_X.NASL description Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that web applications could modify the location of the Tomcat host last seen 2020-06-01 modified 2020-06-02 plugin id 61211 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61211 title Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 NASL family Web Servers NASL id TOMCAT_7_0_19.NASL description According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.17. It is, therefore, affected by the following vulnerabilities : - An error handling issue exists related to the MemoryUserDatabase that allows user passwords to be disclosed through log files. (CVE-2011-2204) - If loaded before other web applications, a malicious web application can potentially access or modify the web.xml, context.xml, and TLD files of other web applications on the system. (CVE-2011-2481) - An input validation error exists that allows a local attacker to either bypass security or carry out denial of service attacks when the APR or NIO connectors are enabled. (CVE-2011-2526) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-18 modified 2011-08-03 plugin id 55759 published 2011-08-03 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55759 title Apache Tomcat 7.x < 7.0.17 Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-1845.NASL description Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that web applications could modify the location of the Tomcat host last seen 2020-06-01 modified 2020-06-02 plugin id 57354 published 2011-12-21 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57354 title CentOS 5 : tomcat5 (CESA-2011:1845) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1780.NASL description From Red Hat Security Advisory 2011:1780 : Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Red Hat Enterprise Linux 6. This update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product. Such a configuration is not supported by Red Hat, however. Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application last seen 2020-06-01 modified 2020-06-02 plugin id 68399 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68399 title Oracle Linux 6 : tomcat6 (ELSA-2011-1780) NASL family SuSE Local Security Checks NASL id SUSE_11_4_TOMCAT6-110815.NASL description The following security issues were fixed in tomcat : - Fixed a tomcat user password information leak (CVE-2011-2204) - Fixed atomcat information leak and DoS (CVE-2011-2526) Also one bug was fixed : - fix bnc#702289 - suse manager pam ldap authentication fails - source CATALINA_HOME/bin/setenv.sh if exists last seen 2020-06-01 modified 2020-06-02 plugin id 76034 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76034 title openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1) NASL family Web Servers NASL id TOMCAT_5_5_34.NASL description According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.34. It is, there, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows: replay attacks are possible, server nonces are not checked, client nonce counts are not checked, last seen 2020-03-18 modified 2011-09-26 plugin id 56301 published 2011-09-26 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56301 title Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1252-1.NASL description It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. (CVE-2011-1184) Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX user creation. A local attacker could possibly use this flaw to obtain sensitive information. This issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204) It was discovered that Tomcat incorrectly validated certain request attributes when sendfile is enabled. A local attacker could bypass intended restrictions, or cause the JVM to crash, resulting in a denial of service. (CVE-2011-2526) It was discovered that Tomcat incorrectly handled certain AJP requests. A remote attacker could use this flaw to spoof requests, bypass authentication, and obtain sensitive information. This issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56746 published 2011-11-09 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56746 title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2401.NASL description Several vulnerabilities have been found in Tomcat, a servlet and JSP engine : - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. - CVE-2011-2204 In rare setups passwords were written into a logfile. - CVE-2011-2526 Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service. - CVE-2011-3190 AJP requests could be spoofed in some setups. - CVE-2011-3375 Incorrect request caching could lead to information disclosure. - CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests. Additional information can be found at last seen 2020-03-17 modified 2012-02-03 plugin id 57812 published 2012-02-03 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57812 title Debian DSA-2401-1 : tomcat6 - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_TOMCAT5-7688.NASL description The following security issues were fixed in tomcat : - Fixed a tomcat user password information leak. (CVE-2011-2204) - Fixed a tomcat information leak and DoS (CVE-2011-2526) last seen 2020-06-01 modified 2020-06-02 plugin id 56035 published 2011-09-01 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56035 title SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7688) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1845.NASL description From Red Hat Security Advisory 2011:1845 : Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that web applications could modify the location of the Tomcat host last seen 2020-06-01 modified 2020-06-02 plugin id 68410 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68410 title Oracle Linux 5 : tomcat5 (ELSA-2011-1845) NASL family Web Servers NASL id TOMCAT_6_0_33.NASL description According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.33. It is, therefore, affected by multiple vulnerabilities : - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows: replay attacks are possible, server nonces are not checked, client nonce counts are not checked, last seen 2020-03-18 modified 2011-08-30 plugin id 56008 published 2011-08-30 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56008 title Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities
Oval
accepted 2015-04-20T04:00:43.563-04:00 class vulnerability contributors name Yamini Mohan R organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. family unix id oval:org.mitre.oval:def:14931 status accepted submitted 2012-01-30T11:36:29.000-05:00 title HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) version 48 accepted 2015-04-20T04:01:26.911-04:00 class vulnerability contributors name Ganesh Manal organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. family unix id oval:org.mitre.oval:def:19532 status accepted submitted 2013-11-22T11:43:28.000-05:00 title HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities version 47
Redhat
advisories |
| ||||
rpms |
|
References
- http://www.osvdb.org/73429
- https://bugzilla.redhat.com/show_bug.cgi?id=717013
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-7.html
- http://secunia.com/advisories/44981
- http://securitytracker.com/id?1025712
- http://www.securityfocus.com/bid/48456
- http://www.redhat.com/support/errata/RHSA-2011-1845.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
- http://support.apple.com/kb/HT5130
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://www.debian.org/security/2012/dsa-2401
- http://marc.info/?l=bugtraq&m=132215163318824&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/57126
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
- http://secunia.com/advisories/48308
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E