Detections
Analytics

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2024:0472-1)

high Nessus Plugin ID 190624

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0472-1 advisory.

 - Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. (CVE-2023-42794)

 - Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
 (CVE-2023-42795)

 - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. (CVE-2023-45648)

 - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. (CVE-2023-46589)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://www.suse.com/security/cve/CVE-2023-45648

https://www.suse.com/security/cve/CVE-2023-46589

https://www.suse.com/security/cve/CVE-2024-22029

https://bugzilla.suse.com/1216118

https://bugzilla.suse.com/1216119

https://bugzilla.suse.com/1216120

https://bugzilla.suse.com/1217402

https://bugzilla.suse.com/1217649

https://bugzilla.suse.com/1217768

https://bugzilla.suse.com/1219208

http://www.nessus.org/u?6cfd7437

https://www.suse.com/security/cve/CVE-2023-42794

https://www.suse.com/security/cve/CVE-2023-42795

Plugin Details

Severity: High

ID: 190624

File Name: suse_SU-2024-0472-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2/17/2024

Updated: 3/15/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-46589

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:tomcat-lib, p-cpe:/a:novell:suse_linux:tomcat-jsp-2_3-api, p-cpe:/a:novell:suse_linux:tomcat-webapps, p-cpe:/a:novell:suse_linux:tomcat-el-3_0-api, p-cpe:/a:novell:suse_linux:tomcat-servlet-4_0-api, p-cpe:/a:novell:suse_linux:tomcat, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:tomcat-admin-webapps

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/14/2024

Vulnerability Publication Date: 10/10/2023

Reference Information

CVE: CVE-2023-42794, CVE-2023-42795, CVE-2023-45648, CVE-2023-46589, CVE-2024-22029

IAVA: 2023-A-0534-S, 2023-A-0661-S

SuSE: SUSE-SU-2024:0472-1