Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities :

  - The remote Apache Tomcat install is vulnerable to a     denial of service attack. If directory listing is     enabled, function calls to retrieve the contents of     large directories can degrade performance.
    (CVE-2005-3510)

  - The remote Apache Tomcat install may be vulnerable to     a cross-site scripting attack if the JSP examples are     enabled. Several of these JSP examples do not properly     validate user input. (CVE-2005-4838)

  - The remote Apache Tomcat install allows remote users     to list the contents of a directory by placing a     semicolon before a filename with a mapped extension.
    (CVE-2006-3835)

  - If enabled, the JSP calendar example application is     vulnerable to a cross-site scripting attack because     user input is not properly validated. (CVE-2006-7196)

  - The remote Apache Tomcat install, in its default     configuration, permits the use of insecure ciphers when     using SSL. (CVE-2007-1858)

  - The remote Apache Tomcat install may be vulnerable to an     information disclosure attack by allowing requests from     a non-permitted IP address to gain access to a context     that is protected with a valve that extends     RequestFilterValve. (CVE-2008-3271)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the instance of Apache Tomcat 5.x listening on the remote host is prior to 5.5.1. It is, therefore, affected by an information disclosure vulnerability.

Specifically, it may allow requests from a non-permitted IP address to gain access to a context that is protected with a valve that extends RequestFilterValve.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server.

This update has been rated as having low security impact by the Red Hat Security Response Team.

This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments.

Multiple flaws were fixed in the Apache Tomcat package.
(CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)

Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update to these Tomcat packages which resolve these issues.

This update of tomcat fixes an information leak due to incorrect IP address filtering. (CVE-2008-3271)

ID	Name	Product	Family	Severity
47029	Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities	Nessus	Web Servers	medium
47028	Apache Tomcat 5.x < 5.5.1 Information Disclosure	Nessus	Web Servers	medium
43842	RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)	Nessus	Red Hat Local Security Checks	medium
41249	SuSE9 Security Update : Tomcat (YOU Patch Number 12271)	Nessus	SuSE Local Security Checks	medium
34499	SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5689)	Nessus	SuSE Local Security Checks	medium
34442	openSUSE 10 Security Update : tomcat5 (tomcat5-5684)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2008-3271

high

Tenable Plugins

medium

medium

medium

medium

medium

medium