Amazon Linux AMI update for tomcat6
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-8745 CVE-2016-6816 |
| CWE-ID | CWE-399 CWE-200 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU5449
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-8745
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists to error within the send file code for the NIO HTTP connector, which causes current Processor object being added to the Processor cache multiple times. This behavior means that sharing the same Processor for concurrent requests can lead to leakage of potentially sensitive information between requests, such as session ID, request body, etc.
Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information.
MitigationUpdate the affected packages.
noarch:Vulnerable software versions
tomcat6-webapps-6.0.51-1.10.amzn1.noarch
tomcat6-6.0.51-1.10.amzn1.noarch
tomcat6-jsp-2.1-api-6.0.51-1.10.amzn1.noarch
tomcat6-servlet-2.5-api-6.0.51-1.10.amzn1.noarch
tomcat6-lib-6.0.51-1.10.amzn1.noarch
tomcat6-el-2.1-api-6.0.51-1.10.amzn1.noarch
tomcat6-docs-webapp-6.0.51-1.10.amzn1.noarch
tomcat6-admin-webapps-6.0.51-1.10.amzn1.noarch
tomcat6-javadoc-6.0.51-1.10.amzn1.noarch
src:
tomcat6-6.0.51-1.10.amzn1.src
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-810.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU1184
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2016-6816
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to manipulate HTTP responses.
The vulnerability exists due to incorrect parsing of HTTP requests. A remote attacker can send a specially crafted HTTP request containing specially crafted characters and perform XSS attacks, manipulate HTTP responses or obtain potentially sensitive data, belonging to other sessions.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information, but requires presence of a proxy server, which does not block injected characters.
MitigationUpdate the affected packages.
noarch:Vulnerable software versions
tomcat6-webapps-6.0.51-1.10.amzn1.noarch
tomcat6-6.0.51-1.10.amzn1.noarch
tomcat6-jsp-2.1-api-6.0.51-1.10.amzn1.noarch
tomcat6-servlet-2.5-api-6.0.51-1.10.amzn1.noarch
tomcat6-lib-6.0.51-1.10.amzn1.noarch
tomcat6-el-2.1-api-6.0.51-1.10.amzn1.noarch
tomcat6-docs-webapp-6.0.51-1.10.amzn1.noarch
tomcat6-admin-webapps-6.0.51-1.10.amzn1.noarch
tomcat6-javadoc-6.0.51-1.10.amzn1.noarch
src:
tomcat6-6.0.51-1.10.amzn1.src
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-810.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
