CVE-2018-1336 - Infinite Loop vulnerability in multiple products

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Summary
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service. Versions affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2018-2701.NASL
description: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117471
published: 2018-09-13
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117471
title: RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 5 (RHSA-2018:2701)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:2701. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(117471);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/24 15:35:45");

  script_cve_id("CVE-2018-1336");
  script_xref(name:"RHSA", value:"2018:2701");

  script_name(english:"RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 5 (RHSA-2018:2701)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6
and Red Hat JBoss Web Server 3.1 for RHEL 7.

Red Hat Product Security has rated this release as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a
replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes,
which are documented in the Release Notes document linked to in the
References.

Security Fix(es) :

* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  # https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0349df1b"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2018:2701"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-1336"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Bail out unless the scan has credentialed access to an RHEL 6/7 host
# with a collected package list on a supported architecture.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Prefer the yum updateinfo data when the scan collected it; otherwise
# fall back to comparing installed package versions against the fixed
# builds listed in the advisory.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");

if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2018:2701";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-admin-webapps-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-docs-webapp-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-el-2.2-api-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-javadoc-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-jsp-2.2-api-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-jsvc-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-lib-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-log4j-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-selinux-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-servlet-3.0-api-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-webapps-7.0.70-29.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-admin-webapps-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-docs-webapp-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-el-2.2-api-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-javadoc-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-jsp-2.3-api-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-jsvc-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-lib-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-log4j-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-selinux-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-servlet-3.1-api-8.0.36-33.ep7.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat8-webapps-8.0.36-33.ep7.el6")) flag++;

  if (rpm_check(release:"RHEL7", reference:"tomcat7-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-admin-webapps-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-docs-webapp-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-el-2.2-api-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-javadoc-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-jsp-2.2-api-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-jsvc-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-lib-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-log4j-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-selinux-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-servlet-3.0-api-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-webapps-7.0.70-29.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-admin-webapps-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-docs-webapp-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-el-2.2-api-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-javadoc-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-jsp-2.3-api-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-jsvc-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-lib-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-log4j-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-selinux-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-servlet-3.1-api-8.0.36-33.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-webapps-8.0.36-33.ep7.el7")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc");
  }
}
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20181016_TOMCAT_ON_SL7_X.NASL
description: Security Fix(es) : - tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
last seen: 2020-03-18
modified: 2018-10-17
plugin id: 118167
published: 2018-10-17
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118167
title: Scientific Linux Security Update : tomcat on SL7.x (noarch) (20181016)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2018-2921.NASL
description: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118156
published: 2018-10-17
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118156
title: CentOS 7 : tomcat (CESA-2018:2921)

NASL family: Misc.
NASL id: SYMANTEC_CONTENT_ANALYSIS_SYMSA1463.NASL
description: The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities:
- An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. (CVE-2018-1336)
- When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. (CVE-2018-8019)
- Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. (CVE-2018-8020)
- The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. (CVE-2018-8034)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125550
published: 2019-05-30
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125550
title: Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1463)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-1129.NASL
description: This update for tomcat to version 9.0.10 fixes the following issues : Security issues fixed :
- CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400).
- CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697).
- CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379).
- CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410).
Bug fixes :
- Avoid overwriting of customer
last seen: 2020-06-05
modified: 2018-10-09
plugin id: 117983
published: 2018-10-09
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117983
title: openSUSE Security Update : tomcat (openSUSE-2018-1129)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-1019.NASL
description: This update for tomcat to 8.0.53 fixes the following issues : Security issue fixed :
- CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400).
- CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379).
- CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410).
- CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697).
Bug fixes :
- bsc#1067720: Avoid overwriting of customer
last seen: 2020-06-05
modified: 2018-09-17
plugin id: 117526
published: 2018-09-17
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117526
title: openSUSE Security Update : tomcat (openSUSE-2018-1019)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2018-1055.NASL
description: The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111610
published: 2018-08-10
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111610
title: Amazon Linux AMI : tomcat7 / tomcat80 (ALAS-2018-1055)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2018-2741.NASL
description: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.21 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.20, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) :
* hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)
* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* picketlink: The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml (CVE-2017-2582)
* jbossweb: tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat) and the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117771
published: 2018-09-27
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117771
title: RHEL 7 : JBoss EAP (RHSA-2018:2741)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2018-1385.NASL
description: According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-15
modified: 2018-12-10
plugin id: 119513
published: 2018-12-10
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119513
title: EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2018-1385)

NASL family: Amazon Linux Local Security Checks
NASL id: AL2_ALAS-2018-1105.NASL
description: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. (CVE-2018-1336)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118836
published: 2018-11-09
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118836
title: Amazon Linux 2 : tomcat (ALAS-2018-1105)

NASL family: Web Servers
NASL id: TOMCAT_9_0_8.NASL
description: A denial of service (DoS) vulnerability exists in Apache Tomcat, in versions between 9.0.0.M1 and 9.0.7 (inclusive), due to improper overflow handling in the UTF-8 decoder component. An unauthenticated, remote attacker can exploit this issue, to cause the application to stop responding.
last seen: 2020-03-18
modified: 2019-02-27
plugin id: 122447
published: 2019-02-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122447
title: Apache Tomcat 9.0.0.M1 < 9.0.8 Denial of Service Vulnerability

NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2019-0031_TOMCAT.NASL
description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tomcat packages installed that are affected by a vulnerability: - An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. (CVE-2018-1336) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127197
published: 2019-08-12
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127197
title: NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Vulnerability (NS-SA-2019-0031)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2018-2921.NASL
description: From Red Hat Security Advisory 2018:2921 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118161
published: 2018-10-17
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118161
title: Oracle Linux 7 : tomcat (ELSA-2018-2921)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-770.NASL
description: This update for tomcat to version 9.0.10 fixes the following issues : Security issues fixed :
- CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400).
- CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697).
- CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379).
- CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410).
Bug fixes :
- Avoid overwriting of customer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123330
published: 2019-03-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123330
title: openSUSE Security Update : tomcat (openSUSE-2019-770)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3723-1.NASL
description: It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. (CVE-2018-1336) It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2018-8034). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111349
published: 2018-07-26
reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111349
title: Ubuntu 14.04 LTS / 16.04 LTS : tomcat7, tomcat8 vulnerabilities (USN-3723-1)

NASL family: Web Servers
NASL id: TOMCAT_8_0_52.NASL
description: According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 8.0.x < 8.0.52, 8.5.x < 8.5.31 or 9.0.x < 9.0.8. It is, therefore, affected by the following vulnerability: - A denial of service (DoS) vulnerability exists in Tomcat due to improper overflow handling in the UTF-8 decoder. An unauthenticated, remote attacker can exploit this issue to cause an infinite loop in the decoder, leading to a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen: 2020-03-18
modified: 2019-01-11
plugin id: 121124
published: 2019-01-11
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121124
title: Apache Tomcat 8.0.x < 8.0.52 / 8.5.x < 8.5.31 / 9.0.x < 9.0.8 Denial of Service

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2018-2921.NASL
description: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118162
published: 2018-10-17
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118162
title: RHEL 7 : tomcat (RHSA-2018:2921)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1491.NASL
description: Two security issues have been discovered in the Tomcat servlet and JSP engine.
CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.
CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default.
For Debian 8
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 112230
published: 2018-09-04
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/112230
title: Debian DLA-1491-1 : tomcat8 security update

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2018-2743.NASL
description: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.21 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.20, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) :
* hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)
* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* picketlink: The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml (CVE-2017-2582)
* jbossweb: tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat) and the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117772
published: 2018-09-27
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117772
title: RHEL 6 : JBoss EAP (RHSA-2018:2743)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4281.NASL
description: Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 112185
published: 2018-08-30
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/112185
title: Debian DSA-4281-1 : tomcat8 - security update

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2018-1415.NASL
description: According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2018-12-28
plugin id: 119904
published: 2018-12-28
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119904
title: EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2018-1415)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL73008537.NASL
description: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. (CVE-2018-1336)
Impact
BIG-IP and Traffix SDC: A remote attacker can exploit this vulnerability with carefully crafted data and cause a denial of service (DoS) on the target system.
Enterprise Manager, BIG-IQ, and iWorkflow: There is no impact; these F5 products are not affected by this vulnerability.
last seen: 2020-04-03
modified: 2018-12-14
plugin id: 119668
published: 2018-12-14
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/119668 title F5 Networks BIG-IP : Apache Tomcat vulnerability (K73008537) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1056.NASL description The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable last seen 2020-06-01 modified 2020-06-02 plugin id 111611 published 2018-08-10 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111611 title Amazon Linux AMI : tomcat8 (ALAS-2018-1056) NASL family Web Servers NASL id TOMCAT_7_0_88.NASL description According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 7.0.x prior to 7.0.88. It is, therefore, affected by the following vulnerability: - A denial of service (DoS) vulnerability exists in Tomcat due to improper overflow handling in the UTF-8 decoder. An unauthenticated, remote attacker can exploit this issue to cause an infinite loop in the decoder, leading to a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-18 modified 2019-01-11 plugin id 121121 published 2019-01-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121121 title Apache Tomcat 7.0.x < 7.0.88 Denial of Service
Redhat
advisories |
rpms |
The Hacker News
id | THN:D761F7EF41472ED13C52BD3AF1E1F9BA |
last seen | 2018-07-24 |
modified | 2018-07-24 |
published | 2018-07-24 |
reporter | The Hacker News |
source | https://thehackernews.com/2018/07/apache-tomcat-server.html |
title | Apache Tomcat Patches Important Security Vulnerabilities |
References
- http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
- https://usn.ubuntu.com/3723-1/
- http://www.securitytracker.com/id/1041375
- http://www.securityfocus.com/bid/104898
- https://access.redhat.com/errata/RHEA-2018:2189
- https://access.redhat.com/errata/RHEA-2018:2188
- https://security.netapp.com/advisory/ntap-20180817-0001/
- https://www.debian.org/security/2018/dsa-4281
- https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html
- https://access.redhat.com/errata/RHSA-2018:2701
- https://access.redhat.com/errata/RHSA-2018:2700
- https://access.redhat.com/errata/RHSA-2018:2743
- https://access.redhat.com/errata/RHSA-2018:2742
- https://access.redhat.com/errata/RHSA-2018:2741
- https://access.redhat.com/errata/RHSA-2018:2740
- https://access.redhat.com/errata/RHSA-2018:2930
- https://access.redhat.com/errata/RHSA-2018:2921
- https://access.redhat.com/errata/RHSA-2018:2945
- https://access.redhat.com/errata/RHSA-2018:2939
- https://access.redhat.com/errata/RHSA-2018:3768
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
- https://support.f5.com/csp/article/K73008537?utm_source=f5support&%3Butm_medium=RSS
- https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E