Vulnerabilities > CVE-2012-4534 - Resource Management Errors vulnerability in Apache Tomcat

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apache

CWE-399

nessus

NVD

Published: 2012-12-19

Updated: 2024-11-21

Summary

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Tomcat 6.0.33 Apache Tomcat 6.0.0 Apache Tomcat 6.0.6 Apache Tomcat 6.0.4 Apache Tomcat 6.0.11 Apache Tomcat 6.0.7 Apache Tomcat 6.0.15 Apache Tomcat 6.0.20 Apache Tomcat 6.0.9 Apache Tomcat 6.0.10 Apache Tomcat 6.0.31 Apache Tomcat 6.0.29 Apache Tomcat 6.0.3 Apache Tomcat 6.0.1 Apache Tomcat 6.0.24 Apache Tomcat 6.0.17 Apache Tomcat 6.0 Apache Tomcat 6.0.32 Apache Tomcat 6.0.28 Apache Tomcat 6.0.14 Apache Tomcat 6.0.12 Apache Tomcat 6.0.18 Apache Tomcat 6.0.2 Apache Tomcat 6.0.5 Apache Tomcat 6.0.30 Apache Tomcat 6.0.13 Apache Tomcat 6.0.8 Apache Tomcat 6.0.26 Apache Tomcat 6.0.19 Apache Tomcat 6.0.27 Apache Tomcat 6.0.35 Apache Tomcat 6.0.16 Apache Tomcat 7.0.2 Apache Tomcat 7.0.12 Apache Tomcat 7.0.20 Apache Tomcat 7.0.8 Apache Tomcat 7.0.1 Apache Tomcat 7.0.5 Apache Tomcat 7.0.4 Apache Tomcat 7.0.22 Apache Tomcat 7.0.0 Apache Tomcat 7.0.6 Apache Tomcat 7.0.18 Apache Tomcat 7.0.14 Apache Tomcat 7.0.11 Apache Tomcat 7.0.23 Apache Tomcat 7.0.7 Apache Tomcat 7.0.13 Apache Tomcat 7.0.15 Apache Tomcat 7.0.19 Apache Tomcat 7.0.16 Apache Tomcat 7.0.10 Apache Tomcat 7.0.25 Apache Tomcat 7.0.21 Apache Tomcat 7.0.17 Apache Tomcat 7.0.9 Apache Tomcat 7.0.3	70

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201412-29.NASL
description	The remote host is affected by the vulnerability described in GLSA-201412-29 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	79982
published	2014-12-15
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79982
title	GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201412-29. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(79982); script_version("1.10"); script_cvs_date("Date: 2019/10/16 10:34:21"); script_cve_id("CVE-2012-2733", "CVE-2012-3544", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887", "CVE-2013-2067", "CVE-2013-2071", "CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0033", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"); script_bugtraq_id(56402, 56403, 56812, 56813, 56814, 59797, 59798, 59799, 65400, 65767, 65768, 65769, 65773, 67667, 67668, 67669, 67671); script_xref(name:"GLSA", value:"201412-29"); script_name(english:"GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201412-29 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201412-29" ); script_set_attribute( attribute:"solution", value: "All Tomcat 6.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.41' All Tomcat 7.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.56'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tomcat"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-servers/tomcat", unaffected:make_list("ge 7.0.56", "rge 6.0.41", "rge 6.0.42", "rge 6.0.43", "rge 6.0.44", "rge 6.0.45", "rge 6.0.46", "rge 6.0.47", "rge 6.0.48"), vulnerable:make_list("lt 7.0.56"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache Tomcat"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0623.NASL
description	Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-06-01
modified	2020-06-02
plugin id	65201
published	2013-03-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65201
title	RHEL 6 : tomcat6 (RHSA-2013:0623)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0623. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(65201); script_version("1.23"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-3546", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"); script_bugtraq_id(56403, 56812, 56813); script_xref(name:"RHSA", value:"2013:0623"); script_name(english:"RHEL 6 : tomcat6 (RHSA-2013:0623)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session. (CVE-2012-3546) A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker could use this flaw to cause a denial of service (infinite loop). The HTTP blocking IO (BIO) connector, which is not vulnerable to this issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2012-4534) Multiple weaknesses were found in the Tomcat DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887) Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"http://tomcat.apache.org/security-6.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0623" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3546" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5885" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-4534" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5886" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5887" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0623"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"tomcat6-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-admin-webapps-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-docs-webapp-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-el-2.1-api-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-javadoc-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-jsp-2.1-api-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-lib-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-servlet-2.5-api-6.0.24-52.el6_4")) flag++; if (rpm_check(release:"RHEL6", reference:"tomcat6-webapps-6.0.24-52.el6_4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc"); } }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1685-1.NASL
description	It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546) It was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. (CVE-2012-4431) It was discovered that Tomcat incorrectly handled sendfile and HTTPS when the NIO connector is used. A remote attacker could use this flaw to cause Tomcat to stop responsing, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-4534). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	63535
published	2013-01-15
reporter	Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63535
title	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1685-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(63535); script_version("1.15"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534"); script_xref(name:"USN", value:"1685-1"); script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546) It was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. (CVE-2012-4431) It was discovered that Tomcat incorrectly handled sendfile and HTTPS when the NIO connector is used. A remote attacker could use this flaw to cause Tomcat to stop responsing, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-4534). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1685-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libtomcat6-java and / or libtomcat7-java packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04\|11\.10\|12\.04\|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"libtomcat6-java", pkgver:"6.0.24-2ubuntu1.12")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libtomcat6-java", pkgver:"6.0.32-5ubuntu1.4")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libtomcat6-java", pkgver:"6.0.35-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"libtomcat7-java", pkgver:"7.0.30-0ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtomcat6-java / libtomcat7-java"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-24.NASL
description	- fix bnc#794548 - denial of service (CVE-2012-4534) - tomcat-CVE-2012-4534.patch fixes apache#53138, apache#52858 http://svn.apache.org/viewvc?view=rev&rev=1340218
last seen	2020-06-05
modified	2014-06-13
plugin id	74942
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74942
title	openSUSE Security Update : tomcat (openSUSE-SU-2013:0170-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0623.NASL
description	From Red Hat Security Advisory 2013:0623 : Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-06-01
modified	2020-06-02
plugin id	68786
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68786
title	Oracle Linux 6 : tomcat6 (ELSA-2013-0623)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2725.NASL
description	Two security issues have been found in the Tomcat servlet and JSP engine : - CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. - CVE-2013-2067 The FormAuthenticator module was vulnerable to session fixation.
last seen	2020-03-17
modified	2013-07-19
plugin id	68971
published	2013-07-19
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68971
title	Debian DSA-2725-1 : tomcat6 - several vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-20151.NASL
description	- Updated to 7.0.33 - Resolves: rhbz 873620 need chkconfig for update-alternatives - Resolves: rhbz 883676,883691,883704,873707 fix several security issues - Resolves: rhbz 883806 refix logdir ownership - Resolves: rhbz 820119 Remove bundled apache-commons-dbcp Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-12-20
plugin id	63309
published	2012-12-20
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63309
title	Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_TOMCAT6-130107.NASL
description	This update of tomcat6 fixes the following security issues : - denial of service. (CVE-2012-4534) - tomcat: HTTP NIO connector OOM DoS via a request with large headers. (CVE-2012-2733) - tomcat: cnonce tracking weakness. (CVE-2012-5885) - tomcat: authentication caching weakness. (CVE-2012-5886) - tomcat: stale nonce weakness. (CVE-2012-5887) - tomcat: affected by slowloris DoS. (CVE-2012-5568) - tomcat: Bypass of security constraints. (CVE-2012-3546) - tomcat: bypass of CSRF prevention filter. (CVE-2012-4431)
last seen	2020-06-05
modified	2013-02-04
plugin id	64430
published	2013-02-04
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64430
title	SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130311_TOMCAT6_ON_SL6_X.NASL
description	It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-03-18
modified	2013-03-13
plugin id	65243
published	2013-03-13
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65243
title	Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130311)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_134ACAA251EF11E28E340022156E8794.NASL
description	The Apache Software Foundation reports : When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	63364
published	2012-12-31
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/63364
title	FreeBSD : tomcat -- denial of service (134acaa2-51ef-11e2-8e34-0022156e8794)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0266.NASL
description	Updated tomcat6 packages that fix multiple security issues are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery (CSRF) prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. (CVE-2012-4431) A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker could use this flaw to cause a denial of service (infinite loop). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime (APR) connector from the Tomcat Native library was not affected by this flaw. (CVE-2012-4534) Multiple weaknesses were found in the Tomcat DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887) A denial of service flaw was found in the way the Tomcat HTTP NIO connector enforced limits on the permitted size of request headers. A remote attacker could use this flaw to trigger an OutOfMemoryError by sending a specially crafted request with very large headers. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The APR connector from the Tomcat Native library was not affected by this flaw. (CVE-2012-2733) Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Users of Tomcat should upgrade to these updated packages, which resolve these issues. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	76234
published	2014-06-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76234
title	RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0266)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_TOMCAT_20140401.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - java/org/apache/coyote/http11/InternalNioInputBuffer.jav a in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. (CVE-2012-2733) - org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. (CVE-2012-3546) - org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. (CVE-2012-4431) - org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. (CVE-2012-4534) - The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. (CVE-2012-5885) - The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. (CVE-2012-5886) - The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. (CVE-2012-5887)
last seen	2020-06-01
modified	2020-06-02
plugin id	80791
published	2015-01-19
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/80791
title	Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-23.NASL
description	- fix bnc#794548 - denial of service (CVE-2012-4534) - apache-tomcat-CVE-2012-4534.patch fixes apache#53138, apache#52858 http://svn.apache.org/viewvc?view=rev&rev=1372035 - fix a minor issue in apache-tomcat-CVE-2012-4431.patch use the already initialized session variable instead of an another call req.getSesssion()
last seen	2020-06-05
modified	2014-06-13
plugin id	74938
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74938
title	openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)

NASL family	Web Servers
NASL id	TOMCAT_6_0_36.NASL
description	According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the parseHeaders() function that allows for a crafted header to cause a remote denial of service. (CVE-2012-2733) - An error exists related to FORM authentication that allows a security bypass if
last seen	2020-03-18
modified	2012-11-21
plugin id	62987
published	2012-11-21
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62987
title	Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities

NASL family	Web Servers
NASL id	TOMCAT_7_0_28.NASL
description	According to its self-reported version number, the instance of Apache Tomcat 7.0 listening on the remote host is prior to 7.0.28. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the parseHeaders() function that allows an attacker, via a crafted header, to cause a remote denial of service. (CVE-2012-2733) - An error exists related to the
last seen	2020-03-18
modified	2012-11-21
plugin id	62985
published	2012-11-21
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62985
title	Apache Tomcat 7.0.x < 7.0.28 Multiple DoS

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0623.NASL
description	Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by appending
last seen	2020-06-01
modified	2020-06-02
plugin id	65225
published	2013-03-13
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65225
title	CentOS 6 : tomcat6 (CESA-2013:0623)

NASL family	Misc.
NASL id	VMWARE_VCENTER_VMSA-2013-0006.NASL
description	The version of VMware vCenter installed on the remote host is 5.1 prior to update 1. It therefore is potentially affected by the following vulnerabilities : - When deployed in an environment that uses Active Directory with anonymous LDAP binding enabled, VMware vCenter doesn
last seen	2020-06-01
modified	2020-06-02
plugin id	66274
published	2013-04-30
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66274
title	VMware Security Updates for vCenter Server (VMSA-2013-0006)

Oval

accepted

2015-04-20T04:01:13.792-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19398

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities

version

Redhat

advisories

rhsa

id	RHSA-2013:0623

rpms

tomcat6-0:6.0.35-29_patch_06.ep6.el6
tomcat6-0:6.0.35-6_patch_06.ep6.el5
tomcat6-admin-webapps-0:6.0.35-29_patch_06.ep6.el6
tomcat6-admin-webapps-0:6.0.35-6_patch_06.ep6.el5
tomcat6-docs-webapp-0:6.0.35-29_patch_06.ep6.el6
tomcat6-docs-webapp-0:6.0.35-6_patch_06.ep6.el5
tomcat6-el-1.0-api-0:6.0.35-29_patch_06.ep6.el6
tomcat6-el-1.0-api-0:6.0.35-6_patch_06.ep6.el5
tomcat6-javadoc-0:6.0.35-29_patch_06.ep6.el6
tomcat6-javadoc-0:6.0.35-6_patch_06.ep6.el5
tomcat6-jsp-2.1-api-0:6.0.35-29_patch_06.ep6.el6
tomcat6-jsp-2.1-api-0:6.0.35-6_patch_06.ep6.el5
tomcat6-lib-0:6.0.35-29_patch_06.ep6.el6
tomcat6-lib-0:6.0.35-6_patch_06.ep6.el5
tomcat6-log4j-0:6.0.35-29_patch_06.ep6.el6
tomcat6-log4j-0:6.0.35-6_patch_06.ep6.el5
tomcat6-servlet-2.5-api-0:6.0.35-29_patch_06.ep6.el6
tomcat6-servlet-2.5-api-0:6.0.35-6_patch_06.ep6.el5
tomcat6-webapps-0:6.0.35-29_patch_06.ep6.el6
tomcat6-webapps-0:6.0.35-6_patch_06.ep6.el5
tomcat6-0:6.0.24-52.el6_4
tomcat6-admin-webapps-0:6.0.24-52.el6_4
tomcat6-docs-webapp-0:6.0.24-52.el6_4
tomcat6-el-2.1-api-0:6.0.24-52.el6_4
tomcat6-javadoc-0:6.0.24-52.el6_4
tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4
tomcat6-lib-0:6.0.24-52.el6_4
tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4
tomcat6-webapps-0:6.0.24-52.el6_4

The Hacker News

id	THN:109F3CE2A5819B3E1345F63EBB346D6C
last seen	2017-01-08
modified	2012-12-05
published	2012-12-05
reporter	Mohit Kumar
source	http://thehackernews.com/2012/12/apache-tomcat-multiple-critical.html
title	Apache Tomcat Multiple Critical Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

Redhat

The Hacker News

References