Vulnerabilities > CVE-2015-5345 - Path Traversal vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Relative Path Traversal An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
- Directory Traversal An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
- File System Function Injection, Content Based An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
- Using Slashes and URL Encoding Combined to Bypass Validation Logic This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
- Manipulating Input to File System Calls An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Nessus
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL34341852.NASL description The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345) Impact A remote attacker may be able to determine the existence of restricted directories by exploiting this vulnerability. BIG-IP/Enterprise Manager The Tomcat service is not directly exposed to the network, as it only listens on a localhost socket with connections brokered through the Apache front-end web service. Traffix SDC Exploitation of this vulnerability may occur if an attacker has access to the local network of the system; the Tomcat service is accessible only from the internal network. last seen 2020-03-19 modified 2018-03-06 plugin id 107136 published 2018-03-06 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107136 title F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K34341852) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2599.NASL description From Red Hat Security Advisory 2016:2599 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es) : * A CSRF flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 94718 published 2016-11-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94718 title Oracle Linux 7 : tomcat (ELSA-2016-2599) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-680.NASL description ResourceLinkFactory.setGlobalContext() is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other web applications. (CVE-2016-0763) The Manager and Host Manager applications were discovered to establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. (CVE-2015-5351) The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345) The session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (CVE-2016-0714) It was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (CVE-2016-0706) last seen 2020-06-01 modified 2020-06-02 plugin id 90273 published 2016-04-01 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90273 title Amazon Linux AMI : tomcat7 (ALAS-2016-680) NASL family Web Servers NASL id TOMCAT_9_0_0_M3.NASL description According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 9.0.0.M3. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345) - A flaw exists due to a failure to invalidate a previous session ID when assigning an ID to a new session. An attacker can exploit this, via a crafted request that uses the requestedSessionSSL field to fixate the session ID, to ensure that the user authenticates with a known session ID, allowing the session to be subsequently hijacked. (CVE-2015-5346) - An information disclosure vulnerability exists in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An unauthenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. (CVE-2015-5351) - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706) - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code. (CVE-2016-0714) - A flaw exists due to the setGlobalContext() method of ResourceLinkFactory being accessible to web applications even when run under a security manager. An unauthenticated, remote attacker can exploit this to inject malicious global context, allowing data owned by other web applications to be read or written to. (CVE-2016-0763) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-18 modified 2019-01-11 plugin id 121125 published 2019-01-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121125 title Apache Tomcat < 9.0.0.M3 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2045.NASL description From Red Hat Security Advisory 2016:2045 : An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) * A directory traversal flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 93947 published 2016-10-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93947 title Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy) NASL family Web Servers NASL id TOMCAT_7_0_68.NASL description According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.68. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345) - An information disclosure vulnerability exists in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An unauthenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. Note that the Apache Tomcat advisory does not list Tomcat version 7.0.0 as affected by this vulnerability. (CVE-2015-5351) - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706) - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code. (CVE-2016-0714) - A flaw exists due to the setGlobalContext() method of ResourceLinkFactory being accessible to web applications even when run under a security manager. An unauthenticated, remote attacker can exploit this to inject malicious global context, allowing data owned by other web applications to be read or written to. (CVE-2016-0763) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application last seen 2020-03-18 modified 2016-02-24 plugin id 88936 published 2016-02-24 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88936 title Apache Tomcat 7.0.x < 7.0.68 Multiple Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1F1124FEDE5C11E58FA814DAE9D210B8.NASL description Mark Thomas reports : - CVE-2015-5345 Apache Tomcat Directory disclosure - CVE-2016-0706 Apache Tomcat Security Manager bypass - CVE-2016-0714 Apache Tomcat Security Manager Bypass last seen 2020-06-01 modified 2020-06-02 plugin id 89006 published 2016-02-29 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89006 title FreeBSD : tomcat -- multiple vulnerabilities (1f1124fe-de5c-11e5-8fa8-14dae9d210b8) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1054.NASL description According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.(CVE-2015-5174) - The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.(CVE-2015-5345) - The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.(CVE-2015-5351) - Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.(CVE-2016-0706) - The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.(CVE-2016-0714) - The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.(CVE-2016-0763) - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.(CVE-2016-3092) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99816 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99816 title EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1054) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3609.NASL description Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 91906 published 2016-07-01 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91906 title Debian DSA-3609-1 : tomcat8 - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1087.NASL description Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix(es) : * A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346) * A CSRF flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 91245 published 2016-05-19 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91245 title RHEL 6 : JBoss Web Server (RHSA-2016:1087) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3024-1.NASL description It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174) It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345) It was discovered that Tomcat incorrectly handled different session settings when multiple versions of the same web application was deployed. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346) It was discovered that the Tomcat Manager and Host Manager applications incorrectly handled new requests. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351) It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. A remote attacker could possibly use this issue to read arbitrary HTTP requests, including session ID values. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706) It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714) It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. A remote attacker could possibly use this issue to read or wite to arbitrary application data, or cause a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763) It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-3092). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91954 published 2016-07-06 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91954 title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : tomcat6, tomcat7 vulnerabilities (USN-3024-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-384.NASL description This update for tomcat fixes the following issues : Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues : - CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967) - CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when different session settings are used for deployments of multiple versions of the same web application, might have allowed remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. (bsc#967814) - CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965) - CVE-2015-5351: The (1) Manager and (2) Host Manager applications in Apache Tomcat established sessions and send CSRF tokens for arbitrary new requests, which allowed remote attackers to bypass a CSRF protection mechanism by using a token. (bsc#967812) - CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (bsc#967815) - CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964) - CVE-2016-0763: The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. (bsc#967966) The full changes can be read on: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html This update was imported from the SUSE:SLE-12-SP1:Update update project. last seen 2020-06-05 modified 2016-03-24 plugin id 90136 published 2016-03-24 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90136 title openSUSE Security Update : tomcat (openSUSE-2016-384) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3552.NASL description Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager. last seen 2020-06-01 modified 2020-06-02 plugin id 90552 published 2016-04-18 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90552 title Debian DSA-3552-1 : tomcat7 - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2045.NASL description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) * A directory traversal flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 93950 published 2016-10-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93950 title RHEL 6 : tomcat6 (RHSA-2016:2045) (httpoxy) NASL family Scientific Linux Local Security Checks NASL id SL_20161010_TOMCAT6_ON_SL6_X.NASL description Security Fix(es) : - It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) - It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) - It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) - A directory traversal flaw was found in Tomcat last seen 2020-03-18 modified 2016-10-12 plugin id 94004 published 2016-10-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94004 title Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2599.NASL description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es) : * A CSRF flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 95345 published 2016-11-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95345 title CentOS 7 : tomcat (CESA-2016:2599) NASL family Scientific Linux Local Security Checks NASL id SL_20161103_TOMCAT_ON_SL7_X.NASL description The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). Security Fix(es) : - A CSRF flaw was found in Tomcat last seen 2020-03-18 modified 2016-12-15 plugin id 95863 published 2016-12-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95863 title Scientific Linux Security Update : tomcat on SL7.x (noarch) (20161103) NASL family Web Servers NASL id TOMCAT_8_0_30.NASL description According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 8.0.30. It is, therefore, affected by an information disclosure vulnerability: - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-18 modified 2019-01-11 plugin id 121123 published 2019-01-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121123 title Apache Tomcat < 8.0.30 Directory Disclosure NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3530.NASL description Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation. last seen 2020-06-01 modified 2020-06-02 plugin id 90205 published 2016-03-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90205 title Debian DSA-3530-1 : tomcat6 - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-435.NASL description Tomcat 6, an implementation of the Java Servlet and the JavaServer Pages (JSP) specifications and a pure Java web server environment, was affected by multiple security issues prior version 6.0.45. CVE-2015-5174 Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. CVE-2015-5345 The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. CVE-2015-5351 The Manager and Host Manager applications in Apache Tomcat establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. CVE-2016-0706 Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache /catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. CVE-2016-0714 The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. CVE-2016-0763 The setGlobalContext method in org/apache/naming/factory /ResourceLinkFactory.java in Apache Tomcat does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. For Debian 6 last seen 2020-03-17 modified 2016-02-29 plugin id 88996 published 2016-02-29 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88996 title Debian DLA-435-1 : tomcat6 security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1088.NASL description Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix(es) : * A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346) * A CSRF flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 91246 published 2016-05-19 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91246 title RHEL 7 : JBoss Web Server (RHSA-2016:1088) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2045.NASL description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) * A directory traversal flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 93965 published 2016-10-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93965 title CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-658.NASL description A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174) The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345) It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810) last seen 2020-06-01 modified 2020-06-02 plugin id 89839 published 2016-03-11 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89839 title Amazon Linux AMI : tomcat8 (ALAS-2016-658) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-681.NASL description A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174) The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345) The session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (CVE-2016-0714) It was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (CVE-2016-0706) last seen 2020-06-01 modified 2020-06-02 plugin id 90274 published 2016-04-01 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90274 title Amazon Linux AMI : tomcat6 (ALAS-2016-681) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2599.NASL description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es) : * A CSRF flaw was found in Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 94562 published 2016-11-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94562 title RHEL 7 : tomcat (RHSA-2016:2599) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201705-09.NASL description The remote host is affected by the vulnerability described in GLSA-201705-09 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition, obtain sensitive information, bypass protection mechanisms and authentication restrictions. A local attacker, who is a tomcat’s system user or belongs to tomcat’s group, could potentially escalate privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 100262 published 2017-05-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100262 title GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DLA-753.NASL description Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses several regressions stemming from incomplete fixes for CVE-2015-5345, CVE-2016-5018 and CVE-2016-6797. For Debian 7 last seen 2020-03-17 modified 2016-12-20 plugin id 96014 published 2016-12-20 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96014 title Debian DLA-753-1 : tomcat7 security update NASL family Web Servers NASL id TOMCAT_6_0_45.NASL description According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.45. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the getResource(), getResourceAsStream(), and getResourcePaths() ServletContext methods due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted path traversal request, to gain access to the listing of directory contents. (CVE-2015-5174) - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345) - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706) - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code. (CVE-2016-0714) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application last seen 2020-03-18 modified 2016-02-24 plugin id 88935 published 2016-02-24 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88935 title Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities
Redhat
advisories |
| ||||||||||||||||||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
- http://marc.info/?l=bugtraq&m=145974991225029&w=2
- http://marc.info/?l=bugtraq&m=145974991225029&w=2
- http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
- http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
- http://rhn.redhat.com/errata/RHSA-2016-1089.html
- http://rhn.redhat.com/errata/RHSA-2016-1089.html
- http://rhn.redhat.com/errata/RHSA-2016-2045.html
- http://rhn.redhat.com/errata/RHSA-2016-2045.html
- http://rhn.redhat.com/errata/RHSA-2016-2599.html
- http://rhn.redhat.com/errata/RHSA-2016-2599.html
- http://seclists.org/bugtraq/2016/Feb/146
- http://seclists.org/bugtraq/2016/Feb/146
- http://seclists.org/fulldisclosure/2016/Feb/122
- http://seclists.org/fulldisclosure/2016/Feb/122
- http://svn.apache.org/viewvc?view=revision&revision=1715206
- http://svn.apache.org/viewvc?view=revision&revision=1715206
- http://svn.apache.org/viewvc?view=revision&revision=1715207
- http://svn.apache.org/viewvc?view=revision&revision=1715207
- http://svn.apache.org/viewvc?view=revision&revision=1715213
- http://svn.apache.org/viewvc?view=revision&revision=1715213
- http://svn.apache.org/viewvc?view=revision&revision=1715216
- http://svn.apache.org/viewvc?view=revision&revision=1715216
- http://svn.apache.org/viewvc?view=revision&revision=1716882
- http://svn.apache.org/viewvc?view=revision&revision=1716882
- http://svn.apache.org/viewvc?view=revision&revision=1716894
- http://svn.apache.org/viewvc?view=revision&revision=1716894
- http://svn.apache.org/viewvc?view=revision&revision=1717209
- http://svn.apache.org/viewvc?view=revision&revision=1717209
- http://svn.apache.org/viewvc?view=revision&revision=1717212
- http://svn.apache.org/viewvc?view=revision&revision=1717212
- http://svn.apache.org/viewvc?view=revision&revision=1717216
- http://svn.apache.org/viewvc?view=revision&revision=1717216
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- http://tomcat.apache.org/security-8.html
- http://tomcat.apache.org/security-9.html
- http://tomcat.apache.org/security-9.html
- http://www.debian.org/security/2016/dsa-3530
- http://www.debian.org/security/2016/dsa-3530
- http://www.debian.org/security/2016/dsa-3552
- http://www.debian.org/security/2016/dsa-3552
- http://www.debian.org/security/2016/dsa-3609
- http://www.debian.org/security/2016/dsa-3609
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html
- http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html
- http://www.securityfocus.com/bid/83328
- http://www.securityfocus.com/bid/83328
- http://www.securitytracker.com/id/1035071
- http://www.securitytracker.com/id/1035071
- http://www.ubuntu.com/usn/USN-3024-1
- http://www.ubuntu.com/usn/USN-3024-1
- https://access.redhat.com/errata/RHSA-2016:1087
- https://access.redhat.com/errata/RHSA-2016:1087
- https://access.redhat.com/errata/RHSA-2016:1088
- https://access.redhat.com/errata/RHSA-2016:1088
- https://bto.bluecoat.com/security-advisory/sa118
- https://bto.bluecoat.com/security-advisory/sa118
- https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
- https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
- https://kc.mcafee.com/corporate/index?page=content&id=SB10156
- https://kc.mcafee.com/corporate/index?page=content&id=SB10156
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://security.gentoo.org/glsa/201705-09
- https://security.gentoo.org/glsa/201705-09
- https://security.netapp.com/advisory/ntap-20180531-0001/
- https://security.netapp.com/advisory/ntap-20180531-0001/