Vulnerabilities > CVE-2016-8745 - 7PK - Errors vulnerability in Apache Tomcat

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
apache
CWE-388
nessus

Summary

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.

Vulnerable Configurations

Part Description Count
Application
Apache
138

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes any stack traces produced by error messages. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to cause the targeted application to return an error including a stack trace, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. The stack trace enumerates the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1081.NASL
    descriptionAccording to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-03
    plugin id99947
    published2017-05-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99947
    titleEulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99947);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2016-6816",
        "CVE-2016-8745"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the tomcat packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - It was discovered that the code that parsed the HTTP
        request line permitted invalid characters. This could
        be exploited, in conjunction with a proxy that also
        permitted the invalid characters but with a different
        interpretation, to inject data into the HTTP response.
        By manipulating the HTTP response the attacker could
        poison a web-cache, perform an XSS attack, or obtain
        sensitive information from requests other then their
        own. (CVE-2016-6816)
    
      - A bug was discovered in the error handling of the send
        file code for the NIO HTTP connector. This led to the
        current Processor object being added to the Processor
        cache multiple times allowing information leakage
        between requests including, and not limited to, session
        ID and the response body. (CVE-2016-8745)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?486df412");
      script_set_attribute(attribute:"solution", value:
    "Update the affected tomcat packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tomcat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tomcat-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tomcat-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tomcat-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["tomcat-7.0.69-11",
            "tomcat-admin-webapps-7.0.69-11",
            "tomcat-el-2.2-api-7.0.69-11",
            "tomcat-jsp-2.2-api-7.0.69-11",
            "tomcat-lib-7.0.69-11",
            "tomcat-servlet-3.0-api-7.0.69-11",
            "tomcat-webapps-7.0.69-11"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0527.NASL
    descriptionFrom Red Hat Security Advisory 2017:0527 : An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-06-01
    modified2020-06-02
    plugin id97765
    published2017-03-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97765
    titleOracle Linux 6 : tomcat6 (ELSA-2017-0527)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-19C5440ABE.NASL
    descriptionSecurity fix for CVE-2016-8745 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-03-02
    plugin id97481
    published2017-03-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97481
    titleFedora 24 : 1:tomcat (2017-19c5440abe)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0455.NASL
    descriptionAn update is now available for Red Hat JBoss Web Server 3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Security Fix(es) : * It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240) * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * The JmxRemoteLifecycleListener was not updated to take account of Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id97595
    published2017-03-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97595
    titleRHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3754.NASL
    descriptionIt was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.
    last seen2020-06-01
    modified2020-06-02
    plugin id96344
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96344
    titleDebian DSA-3754-1 : tomcat7 - security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E5EC2767D52911E6AE1B002590263BF5.NASL
    descriptionThe Apache Software Foundation reports : Important: Information Disclosure CVE-2016-8745
    last seen2020-06-01
    modified2020-06-02
    plugin id96372
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96372
    titleFreeBSD : tomcat -- information disclosure vulnerability (e5ec2767-d529-11e6-ae1b-002590263bf5)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0935.NASL
    descriptionAn update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101450
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101450
    titleVirtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0935.NASL
    descriptionFrom Red Hat Security Advisory 2017:0935 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-06-01
    modified2020-06-02
    plugin id99334
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99334
    titleOracle Linux 7 : tomcat (ELSA-2017-0935)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0935.NASL
    descriptionAn update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-06-01
    modified2020-06-02
    plugin id99384
    published2017-04-14
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99384
    titleCentOS 7 : tomcat (CESA-2017:0935)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-779.NASL
    descriptionA bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not limited to, session ID and the response body. In addition this update also addresses a regression when running Tomcat 7 with SecurityManager enabled due to an incomplete fix for CVE-2016-6816. For Debian 7
    last seen2020-03-17
    modified2017-01-11
    plugin id96396
    published2017-01-11
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96396
    titleDebian DLA-779-1 : tomcat7 security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3177-2.NASL
    descriptionUSN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn
    last seen2020-06-01
    modified2020-06-02
    plugin id96978
    published2017-02-03
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96978
    titleUbuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy)
  • NASL familyWeb Servers
    NASL idTOMCAT_8_5_9.NASL
    descriptionAccording to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.16 prior to 6.0.50, 7.0.x prior to 7.0.75, 8.0.x prior to 8.0.41, 8.5.x prior to 8.5.9, or 9.0.x prior to 9.0.0.M15. It is therefore, affected by an information disclosure vulnerability in error handling during send file processing by the NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated, remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session IDs, response bodies related to another request, etc. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application
    last seen2020-03-18
    modified2016-12-21
    plugin id96003
    published2016-12-21
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96003
    titleApache Tomcat 6.0.16 < 6.0.50 / 7.0.x < 7.0.75 / 8.0.x < 8.0.41 / 8.5.x < 8.5.9 / 9.0.x < 9.0.0.M15 NIO HTTP Connector Information Disclosure
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0527.NASL
    descriptionAn update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101438
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101438
    titleVirtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0456.NASL
    descriptionAn update is now available for Red Hat JBoss Web Server 3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Security Fix(es) : * It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240) * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * The JmxRemoteLifecycleListener was not updated to take account of Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id97596
    published2017-03-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97596
    titleRHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170315_TOMCAT6_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-03-18
    modified2017-03-16
    plugin id97770
    published2017-03-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97770
    titleScientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by multiple vulnerabilities: - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) - A vulnerability was discovered in Tomcat
    last seen2020-06-01
    modified2020-06-02
    plugin id127359
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127359
    titleNewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-796.NASL
    descriptionA bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body.
    last seen2020-06-01
    modified2020-06-02
    plugin id97146
    published2017-02-15
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97146
    titleAmazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-796)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3177-1.NASL
    descriptionIt was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn
    last seen2020-06-01
    modified2020-06-02
    plugin id96720
    published2017-01-24
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96720
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0527.NASL
    descriptionAn update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-06-01
    modified2020-06-02
    plugin id97795
    published2017-03-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97795
    titleCentOS 6 : tomcat6 (CESA-2017:0527)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170412_TOMCAT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-03-18
    modified2017-04-13
    plugin id99353
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99353
    titleScientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3755.NASL
    descriptionIt was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.
    last seen2020-06-01
    modified2020-06-02
    plugin id96345
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96345
    titleDebian DSA-3755-1 : tomcat8 - security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-810.NASL
    descriptionIt was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-06-01
    modified2020-06-02
    plugin id99037
    published2017-03-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99037
    titleAmazon Linux AMI : tomcat6 (ALAS-2017-810)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0935.NASL
    descriptionAn update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-06-01
    modified2020-06-02
    plugin id99348
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99348
    titleRHEL 7 : tomcat (RHSA-2017:0935)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-586.NASL
    descriptionThis update for tomcat fixes the following issues : - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119) This update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects.
    last seen2020-06-05
    modified2017-05-16
    plugin id100204
    published2017-05-16
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/100204
    titleopenSUSE Security Update : tomcat (openSUSE-2017-586)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1082.NASL
    descriptionAccording to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-03
    plugin id99948
    published2017-05-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99948
    titleEulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0527.NASL
    descriptionAn update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816) Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
    last seen2020-06-01
    modified2020-06-02
    plugin id97767
    published2017-03-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97767
    titleRHEL 6 : tomcat6 (RHSA-2017:0527)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201705-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201705-09 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition, obtain sensitive information, bypass protection mechanisms and authentication restrictions. A local attacker, who is a tomcat&rsquo;s system user or belongs to tomcat&rsquo;s group, could potentially escalate privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id100262
    published2017-05-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100262
    titleGLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-376AE2B92C.NASL
    descriptionSecurity fix for CVE-2016-8745 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-02-23
    plugin id97337
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97337
    titleFedora 25 : 1:tomcat (2017-376ae2b92c)

Redhat

advisories
  • bugzilla
    id1403824
    titleCVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commenttomcat6-admin-webapps is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527001
          • commenttomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335004
        • AND
          • commenttomcat6-javadoc is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527003
          • commenttomcat6-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335012
        • AND
          • commenttomcat6-docs-webapp is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527005
          • commenttomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335016
        • AND
          • commenttomcat6-webapps is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527007
          • commenttomcat6-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335020
        • AND
          • commenttomcat6-lib is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527009
          • commenttomcat6-lib is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335010
        • AND
          • commenttomcat6 is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527011
          • commenttomcat6 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335008
        • AND
          • commenttomcat6-jsp-2.1-api is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527013
          • commenttomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335006
        • AND
          • commenttomcat6-el-2.1-api is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527015
          • commenttomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335018
        • AND
          • commenttomcat6-servlet-2.5-api is earlier than 0:6.0.24-105.el6_8
            ovaloval:com.redhat.rhsa:tst:20170527017
          • commenttomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110335002
    rhsa
    idRHSA-2017:0527
    released2017-03-15
    severityModerate
    titleRHSA-2017:0527: tomcat6 security update (Moderate)
  • bugzilla
    id1403824
    titleCVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commenttomcat is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935001
          • commenttomcat is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686006
        • AND
          • commenttomcat-docs-webapp is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935003
          • commenttomcat-docs-webapp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686016
        • AND
          • commenttomcat-webapps is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935005
          • commenttomcat-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686010
        • AND
          • commenttomcat-admin-webapps is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935007
          • commenttomcat-admin-webapps is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686002
        • AND
          • commenttomcat-el-2.2-api is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935009
          • commenttomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686014
        • AND
          • commenttomcat-javadoc is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935011
          • commenttomcat-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686018
        • AND
          • commenttomcat-jsvc is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935013
          • commenttomcat-jsvc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686020
        • AND
          • commenttomcat-jsp-2.2-api is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935015
          • commenttomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686004
        • AND
          • commenttomcat-lib is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935017
          • commenttomcat-lib is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686012
        • AND
          • commenttomcat-servlet-3.0-api is earlier than 0:7.0.69-11.el7_3
            ovaloval:com.redhat.rhsa:tst:20170935019
          • commenttomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140686008
    rhsa
    idRHSA-2017:0935
    released2017-04-12
    severityModerate
    titleRHSA-2017:0935: tomcat security update (Moderate)
  • rhsa
    idRHSA-2017:0455
  • rhsa
    idRHSA-2017:0456
  • rhsa
    idRHSA-2017:0457
rpms
  • hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6
  • jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6
  • jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6
  • jbcs-httpd24-runtime-0:1-3.jbcs.el6
  • mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6
  • mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6
  • mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6
  • tomcat-native-0:1.2.8-9.redhat_9.ep7.el6
  • tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6
  • tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6
  • tomcat7-0:7.0.70-16.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-16.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-16.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6
  • tomcat7-javadoc-0:7.0.70-16.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6
  • tomcat7-jsvc-0:7.0.70-16.ep7.el6
  • tomcat7-lib-0:7.0.70-16.ep7.el6
  • tomcat7-log4j-0:7.0.70-16.ep7.el6
  • tomcat7-selinux-0:7.0.70-16.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6
  • tomcat7-webapps-0:7.0.70-16.ep7.el6
  • tomcat8-0:8.0.36-17.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-17.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-17.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6
  • tomcat8-javadoc-0:8.0.36-17.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6
  • tomcat8-jsvc-0:8.0.36-17.ep7.el6
  • tomcat8-lib-0:8.0.36-17.ep7.el6
  • tomcat8-log4j-0:8.0.36-17.ep7.el6
  • tomcat8-selinux-0:8.0.36-17.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6
  • tomcat8-webapps-0:8.0.36-17.ep7.el6
  • hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7
  • jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7
  • jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7
  • jbcs-httpd24-runtime-0:1-3.jbcs.el7
  • mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7
  • mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7
  • mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7
  • tomcat-native-0:1.2.8-9.redhat_9.ep7.el7
  • tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7
  • tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7
  • tomcat7-0:7.0.70-16.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-16.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-16.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7
  • tomcat7-javadoc-0:7.0.70-16.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7
  • tomcat7-jsvc-0:7.0.70-16.ep7.el7
  • tomcat7-lib-0:7.0.70-16.ep7.el7
  • tomcat7-log4j-0:7.0.70-16.ep7.el7
  • tomcat7-selinux-0:7.0.70-16.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7
  • tomcat7-webapps-0:7.0.70-16.ep7.el7
  • tomcat8-0:8.0.36-17.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-17.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-17.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7
  • tomcat8-javadoc-0:8.0.36-17.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7
  • tomcat8-jsvc-0:8.0.36-17.ep7.el7
  • tomcat8-lib-0:8.0.36-17.ep7.el7
  • tomcat8-log4j-0:8.0.36-17.ep7.el7
  • tomcat8-selinux-0:8.0.36-17.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7
  • tomcat8-webapps-0:8.0.36-17.ep7.el7
  • tomcat6-0:6.0.24-105.el6_8
  • tomcat6-admin-webapps-0:6.0.24-105.el6_8
  • tomcat6-docs-webapp-0:6.0.24-105.el6_8
  • tomcat6-el-2.1-api-0:6.0.24-105.el6_8
  • tomcat6-javadoc-0:6.0.24-105.el6_8
  • tomcat6-jsp-2.1-api-0:6.0.24-105.el6_8
  • tomcat6-lib-0:6.0.24-105.el6_8
  • tomcat6-servlet-2.5-api-0:6.0.24-105.el6_8
  • tomcat6-webapps-0:6.0.24-105.el6_8
  • tomcat-0:7.0.69-11.el7_3
  • tomcat-admin-webapps-0:7.0.69-11.el7_3
  • tomcat-docs-webapp-0:7.0.69-11.el7_3
  • tomcat-el-2.2-api-0:7.0.69-11.el7_3
  • tomcat-javadoc-0:7.0.69-11.el7_3
  • tomcat-jsp-2.2-api-0:7.0.69-11.el7_3
  • tomcat-jsvc-0:7.0.69-11.el7_3
  • tomcat-lib-0:7.0.69-11.el7_3
  • tomcat-servlet-3.0-api-0:7.0.69-11.el7_3
  • tomcat-webapps-0:7.0.69-11.el7_3

References