Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)

medium Nessus Plugin ID 80793

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing necessary patches to address security updates :

- Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. (CVE-2012-3544)

- Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc.
NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. (CVE-2013-1571)

- Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a 'Transfer-Encoding: chunked' header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. (CVE-2013-4286)

- Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. (CVE-2013-4322)

- Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain 'Tomcat internals' information by leveraging the presence of an untrusted web application with a context.xml, web.xml,

*.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. (CVE-2013-4590)

- org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.
(CVE-2014-0033)

Solution

Upgrade to Solaris 11.1.19.6.0.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?ce09309a

Plugin Details

Severity: Medium

ID: 80793

File Name: solaris11_tomcat_20140522.nasl

Version: 1.6

Type: local

Published: 1/19/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.1, p-cpe:/a:oracle:solaris:tomcat

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/22/2014

Reference Information

CVE: CVE-2012-3544, CVE-2013-1571, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033