CVE-2017-5647 - Information Exposure vulnerability in Apache Tomcat

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

network, low complexity, apache, CWE-200, nessus

Summary

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Vulnerable Configurations

Part: Application
Description: Apache
Count: 205

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the version of the browser, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-924.NASL
    description: The security update announced as DLA-924-1 introduced a regression in Tomcat
    last seen: 2020-03-17
    modified: 2017-05-01
    plugin id: 99735
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99735
    title: Debian DLA-924-2 : tomcat7 regression update
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-3081.NASL
    description: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104257
    published: 2017-10-31
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104257
    title: CentOS 7 : tomcat (CESA-2017:3081)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-5261BA4605.NASL
    description: This update includes a rebase from tomcat 8.0.42 up to 8.0.43 which resolves multiple CVEs : - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650 CVE-2017-5651 tomcat: various flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-04-28
    plugin id: 99718
    published: 2017-04-28
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99718
    title: Fedora 25 : 1:tomcat (2017-5261ba4605)
  • NASL family: Web Servers
    NASL id: TOMCAT_6_0_24.NASL
    description: The version of Apache Tomcat installed on the remote host is 6.0.x prior to 6.0.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the handling of pipelined requests when
    last seen: 2020-03-18
    modified: 2017-11-02
    plugin id: 104358
    published: 2017-11-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104358
    title: Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities
  • NASL family: Web Servers
    NASL id: TOMCAT_8_0_43.NASL
    description: According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.53, 7.0.x prior to 7.0.77, or 8.0.x prior to 8.0.43. It is, therefore, affected by a flaw in the handling of pipelined requests when send file processing is used that results in the pipelined request being lost when processing of the previous request has completed, causing responses to be sent for the wrong request. An unauthenticated, remote attacker can exploit this to disclose sensitive information. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application
    last seen: 2020-03-18
    modified: 2017-04-14
    plugin id: 99367
    published: 2017-04-14
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99367
    title: Apache Tomcat 6.0.x < 6.0.53 / 7.0.x < 7.0.77 / 8.0.x < 8.0.43 Pipelined Requests Information Disclosure
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-3081.NASL
    description: From Red Hat Security Advisory 2017:3081 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104248
    published: 2017-10-30
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104248
    title: Oracle Linux 7 : tomcat (ELSA-2017-3081)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1262.NASL
    description: According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Tomcat
    last seen: 2020-05-06
    modified: 2017-11-01
    plugin id: 104287
    published: 2017-11-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104287
    title: EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-3080.NASL
    description: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119237
    published: 2018-11-27
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119237
    title: Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-3080.NASL
    description: From Red Hat Security Advisory 2017:3080 : An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104247
    published: 2017-10-30
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104247
    title: Oracle Linux 6 : tomcat6 (ELSA-2017-3080)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-0E64C4C186.NASL
    description: This update includes a rebase from tomcat 8.0.42 up to 8.0.43 which resolves multiple CVEs : - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650 CVE-2017-5651 tomcat: various flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-07-17
    plugin id: 101573
    published: 2017-07-17
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101573
    title: Fedora 26 : 1:tomcat (2017-0e64c4c186)
  • NASL family: CGI abuses
    NASL id: MYSQL_ENTERPRISE_MONITOR_3_3_4_3247.NASL
    description: According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.2.x prior to 3.2.8.2223 or 3.3.x prior to 3.3.4.3247. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Apache Tomcat component in the handling of pipelined requests when send file processing is used that results in the pipelined request being lost when processing of the previous request has completed, causing responses to be sent for the wrong request. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5647) - A flaw exists in the Apache Tomcat component in HTTP connectors when processing send files. If processing completed quickly, it was possible to add the processor to the processor cache twice, which allows the same processor to be used for multiple requests. An unauthenticated, remote attacker can exploit this to disclose sensitive information from other sessions or cause unexpected errors. (CVE-2017-5651)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101895
    published: 2017-07-21
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101895
    title: MySQL Enterprise Monitor 3.2.x < 3.2.8.2223 / 3.3.x < 3.3.4.3247 Multiple Vulnerabilities (July 2017 CPU)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-1801.NASL
    description: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * A vulnerability was discovered in tomcat
    last seen: 2020-05-09
    modified: 2018-08-29
    plugin id: 112177
    published: 2018-08-29
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/112177
    title: RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20171030_TOMCAT6_ON_SL6_X.NASL
    description: Security Fix(es) : - A vulnerability was discovered in Tomcat
    last seen: 2020-03-18
    modified: 2017-10-31
    plugin id: 104268
    published: 2017-10-31
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104268
    title: Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20171030)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-D5AA7C77D6.NASL
    description: This update includes a rebase from tomcat 8.0.42 up to 8.0.43 which resolves multiple CVEs : - rhbz#1441242 CVE-2017-5647 CVE-2017-5648 CVE-2017-5650 CVE-2017-5651 tomcat: various flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-04-28
    plugin id: 99720
    published: 2017-04-28
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99720
    title: Fedora 24 : 1:tomcat (2017-d5aa7c77d6)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-3080.NASL
    description: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104256
    published: 2017-10-31
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104256
    title: CentOS 6 : tomcat6 (CESA-2017:3080)
  • NASL family: Misc.
    NASL id: SYMANTEC_CONTENT_ANALYSIS_SYMSA1419.NASL
    description: The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities: - A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. (CVE-2017-5647) - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. (CVE-2017-5664)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125633
    published: 2019-05-31
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125633
    title: Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1419)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1261.NASL
    description: According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Tomcat
    last seen: 2020-05-06
    modified: 2017-11-01
    plugin id: 104286
    published: 2017-11-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104286
    title: EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL
    description: The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by multiple vulnerabilities: - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2016-6816) - A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127359
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127359
    title: NewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-3080.NASL
    description: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104250
    published: 2017-10-30
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104250
    title: RHEL 6 : tomcat6 (RHSA-2017:3080)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-2493.NASL
    description: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2.1.2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * A vulnerability was discovered in tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102692
    published: 2017-08-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102692
    title: RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20171030_TOMCAT_ON_SL7_X.NASL
    description: Security Fix(es) : - A vulnerability was discovered in Tomcat
    last seen: 2020-03-18
    modified: 2017-10-31
    plugin id: 104269
    published: 2017-10-31
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104269
    title: Scientific Linux Security Update : tomcat on SL7.x (noarch) (20171030)
  • NASL family: Web Servers
    NASL id: TOMCAT_8_5_13.NASL
    description: According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.13 or 9.0.x prior to 9.0.0.M19. It is therefore affected by multiple vulnerabilities : - A flaw exists in the handling of pipelined requests when send file processing is used that results in the pipelined request being lost when processing of the previous request has completed, causing responses to be sent for the wrong request. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5647) - A flaw exists in the handling of HTTP/2 GOAWAY frames for a connection due to streams associated with the connection not being properly closed if the connection was currently waiting for a WINDOW_UPDATE before allowing the application to write more data. Each stream consumes a processing thread in the system. An unauthenticated, remote attacker can exploit this issue, via a series of specially crafted HTTP/2 requests, to consume all available threads, resulting in a denial of service condition. (CVE-2017-5650) - A flaw exists in HTTP connectors when processing send files. If processing completed quickly, it was possible to add the processor to the processor cache twice, which allows the same processor to be used for multiple requests. An unauthenticated, remote attacker can exploit this to disclose sensitive information from other sessions or cause unexpected errors. (CVE-2017-5651) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
    last seen: 2020-03-18
    modified: 2017-04-14
    plugin id: 99368
    published: 2017-04-14
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99368
    title: Apache Tomcat 8.5.x < 8.5.13 / 9.0.x < 9.0.0.M19 Multiple Vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3842.NASL
    description: Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine. - CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. - CVE-2017-5648 Some application listener calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99971
    published: 2017-05-04
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99971
    title: Debian DSA-3842-1 : tomcat7 - security update
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-3081.NASL
    description: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104251
    published: 2017-10-30
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104251
    title: RHEL 7 : tomcat (RHSA-2017:3081)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-822.NASL
    description: Incorrect handling of pipelined requests when send file was used : A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. (CVE-2017-5647) Calls to application listeners did not use the appropriate facade object : While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99535
    published: 2017-04-21
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99535
    title: Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-822)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-586.NASL
    description: This update for tomcat fixes the following issues : - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119) This update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects.
    last seen: 2020-06-05
    modified: 2017-05-16
    plugin id: 100204
    published: 2017-05-16
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/100204
    title: openSUSE Security Update : tomcat (openSUSE-2017-586)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-821.NASL
    description: Incorrect handling of pipelined requests when send file was used : A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. (CVE-2017-5647)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99534
    published: 2017-04-21
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99534
    title: Amazon Linux AMI : tomcat6 (ALAS-2017-821)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3519-1.NASL
    description: It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. (CVE-2017-5647) It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2017-5648) It was discovered that Tomcat incorrectly handled error pages. A remote attacker could possibly use this issue to replace or remove the custom error page. (CVE-2017-5664) It was discovered that Tomcat incorrectly handled the CORS filter. A remote attacker could possibly use this issue to perform cache poisoning. (CVE-2017-7674). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 105687
    published: 2018-01-09
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105687
    title: Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : tomcat7, tomcat8 vulnerabilities (USN-3519-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201705-09.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201705-09 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition, obtain sensitive information, bypass protection mechanisms and authentication restrictions. A local attacker, who is a tomcat’s system user or belongs to tomcat’s group, could potentially escalate privileges. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100262
    published: 2017-05-18
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100262
    title: GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3843.NASL
    description: Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine. - CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. - CVE-2017-5648 Some application listener calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99972
    published: 2017-05-04
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99972
    title: Debian DSA-3843-1 : tomcat8 - security update

Redhat

advisories
  • rhsa
    id: RHSA-2017:1801
  • rhsa
    id: RHSA-2017:1802
  • rhsa
    id: RHSA-2017:2493
  • rhsa
    id: RHSA-2017:2494
  • rhsa
    id: RHSA-2017:3080
  • rhsa
    id: RHSA-2017:3081
rpms
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat7-0:7.0.70-22.ep7.el6
  • tomcat7-0:7.0.70-22.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-javadoc-0:7.0.70-22.ep7.el6
  • tomcat7-javadoc-0:7.0.70-22.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-jsvc-0:7.0.70-22.ep7.el6
  • tomcat7-jsvc-0:7.0.70-22.ep7.el7
  • tomcat7-lib-0:7.0.70-22.ep7.el6
  • tomcat7-lib-0:7.0.70-22.ep7.el7
  • tomcat7-log4j-0:7.0.70-22.ep7.el6
  • tomcat7-log4j-0:7.0.70-22.ep7.el7
  • tomcat7-selinux-0:7.0.70-22.ep7.el6
  • tomcat7-selinux-0:7.0.70-22.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el7
  • tomcat7-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-webapps-0:7.0.70-22.ep7.el7
  • tomcat8-0:8.0.36-24.ep7.el6
  • tomcat8-0:8.0.36-24.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el7
  • tomcat8-javadoc-0:8.0.36-24.ep7.el6
  • tomcat8-javadoc-0:8.0.36-24.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el7
  • tomcat8-jsvc-0:8.0.36-24.ep7.el6
  • tomcat8-jsvc-0:8.0.36-24.ep7.el7
  • tomcat8-lib-0:8.0.36-24.ep7.el6
  • tomcat8-lib-0:8.0.36-24.ep7.el7
  • tomcat8-log4j-0:8.0.36-24.ep7.el6
  • tomcat8-log4j-0:8.0.36-24.ep7.el7
  • tomcat8-selinux-0:8.0.36-24.ep7.el6
  • tomcat8-selinux-0:8.0.36-24.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el7
  • tomcat8-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-webapps-0:8.0.36-24.ep7.el7
  • jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.0.2h-13.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.0.2h-13.jbcs.el7
  • tomcat6-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-admin-webapps-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-admin-webapps-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-docs-webapp-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-docs-webapp-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-el-2.1-api-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-el-2.1-api-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-javadoc-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-jsp-2.1-api-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-jsp-2.1-api-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-lib-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-lib-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-log4j-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-log4j-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-maven-devel-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-maven-devel-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-servlet-2.5-api-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-servlet-2.5-api-0:6.0.41-17_patch_04.ep6.el7
  • tomcat6-webapps-0:6.0.41-17_patch_04.ep6.el6
  • tomcat6-webapps-0:6.0.41-17_patch_04.ep6.el7
  • tomcat7-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-admin-webapps-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-admin-webapps-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-docs-webapp-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-docs-webapp-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-el-2.2-api-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-el-2.2-api-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-javadoc-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-javadoc-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-jsp-2.2-api-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-jsp-2.2-api-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-lib-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-lib-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-log4j-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-log4j-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-maven-devel-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-maven-devel-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-servlet-3.0-api-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-servlet-3.0-api-0:7.0.54-25_patch_05.ep6.el7
  • tomcat7-webapps-0:7.0.54-25_patch_05.ep6.el6
  • tomcat7-webapps-0:7.0.54-25_patch_05.ep6.el7
  • tomcat6-0:6.0.24-111.el6_9
  • tomcat6-admin-webapps-0:6.0.24-111.el6_9
  • tomcat6-docs-webapp-0:6.0.24-111.el6_9
  • tomcat6-el-2.1-api-0:6.0.24-111.el6_9
  • tomcat6-javadoc-0:6.0.24-111.el6_9
  • tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9
  • tomcat6-lib-0:6.0.24-111.el6_9
  • tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9
  • tomcat6-webapps-0:6.0.24-111.el6_9
  • tomcat-0:7.0.76-3.el7_4
  • tomcat-admin-webapps-0:7.0.76-3.el7_4
  • tomcat-docs-webapp-0:7.0.76-3.el7_4
  • tomcat-el-2.2-api-0:7.0.76-3.el7_4
  • tomcat-javadoc-0:7.0.76-3.el7_4
  • tomcat-jsp-2.2-api-0:7.0.76-3.el7_4
  • tomcat-jsvc-0:7.0.76-3.el7_4
  • tomcat-lib-0:7.0.76-3.el7_4
  • tomcat-servlet-3.0-api-0:7.0.76-3.el7_4
  • tomcat-webapps-0:7.0.76-3.el7_4

References