SB2015101508 - Multiple vulnerabilities in HP OpenVMS CSWS_JAVA running Tomcat 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015101508

SB2015101508 - Multiple vulnerabilities in HP OpenVMS CSWS_JAVA running Tomcat

Published: October 15, 2015 Updated: April 26, 2023

Security Bulletin ID SB2015101508
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2013-4286)

The vulnerability allows a remote attacker to perform a request-smuggling attack.

The vulnerability exists due to HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers. A remote attacker can trigger incorrect identification of a request's length and conduct request-smuggling attacks via multiple Content-Length headers or a Content-Length header and a "Transfer-Encoding: chunked" header.

This vulnerability exists because of an incomplete fix for CVE-2005-2090.


2) Input validation error (CVE-ID: CVE-2013-4322)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to Apache Tomcat processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field. A remote attacker can cause a denial of service by streaming data.


3) Code Injection (CVE-ID: CVE-2013-4444)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing outdated java.io.File code and a custom JMX configuration. A remote attacker can execute arbitrary code by uploading and accessing a JSP file.


4) Information disclosure (CVE-ID: CVE-2013-4590)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.


5) Integer overflow (CVE-ID: CVE-2014-0075)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat. A remote attacker can cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-0096)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat does not properly restrict XSLT stylesheets. A remote attacker can bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.


7) Integer overflow (CVE-ID: CVE-2014-0099)

The vulnerability allows a remote attacker to perform a HTTP request smuggling attack.

The vulnerability exists due to integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat when operated behind a reverse proxy. A remote attacker can conduct HTTP request smuggling attack via a crafted Content-Length HTTP header.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-0119)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to Apache Tomcat does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet. A remote attacker can read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application.


9) Resource management error (CVE-ID: CVE-2014-0230)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to Apache Tomcat does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body. A remote attacker can cause a denial of service (thread consumption) via a series of aborted upload attempts.


10) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2014-0227)

The vulnerability allows a remote attacker to perform a HTTP request smuggling attack.

The vulnerability exists due to java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat does not properly handle attempts to continue reading data after an error has occurred. A remote attacker can conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.


Remediation

Install update from vendor's website.

References