HP-UX update for Tomcat
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 25 |
| CVE-ID | CVE-2023-34981 CVE-2017-12616 CVE-2017-12617 CVE-2024-24549 CVE-2024-23672 CVE-2023-46589 CVE-2023-45648 CVE-2023-44487 CVE-2023-42795 CVE-2023-42794 CVE-2023-41080 CVE-2023-28708 CVE-2021-30639 CVE-2023-28709 CVE-2023-24998 CVE-2022-45143 CVE-2022-42252 CVE-2022-34305 CVE-2022-29885 CVE-2022-23181 CVE-2021-43980 CVE-2021-42340 CVE-2021-41079 CVE-2021-33037 CVE-2021-30640 |
| CWE-ID | CWE-200 CWE-20 CWE-400 CWE-444 CWE-399 CWE-749 CWE-601 CWE-614 CWE-755 CWE-770 CWE-94 CWE-79 CWE-19 CWE-264 CWE-835 CWE-287 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #3 is being exploited in the wild. Public exploit code for vulnerability #4 is available. Vulnerability #8 is being exploited in the wild. Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #15 is available. Public exploit code for vulnerability #18 is available. Public exploit code for vulnerability #19 is available. |
| Vulnerable software Subscribe |
Tomcat Operating systems & Components / Operating system package or component |
| Vendor | HPE |
Security Bulletin
This security bulletin contains information about 25 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU77622
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34981
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to HTTP headers are not set in a response. A remote attacker can send a specially crafted HTTP request and gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU8543
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12616
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the systems and resources using the VirtualDirContext due to input validation flaw. A remote attacker can send a specially crafted request to bypass security constraints and view JSP source code for resources on the target system served by the VirtualDirContext.
Successful exploitation of the vulnerability results in information disclosure.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU8669
Risk: High
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2017-12617
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to insufficient validation of user-supplied input when running with HTTP PUTs enabled. A remote attacker can send a specially crafted request to upload a JSP file to the server and execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in full system compromise.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Input validation error
EUVDB-ID: #VU87510
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-24549
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling HTTP/2 requests. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Resource exhaustion
EUVDB-ID: #VU87509
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23672
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can keep WebSocket connections open for a long time to trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU83533
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46589
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when parsing malformed trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU81799
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45648
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation when parsing HTTP trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU81728
Risk: High
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-44487
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
9) Resource management error
EUVDB-ID: #VU81800
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42795
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the application when recycling various internal objects. A remote attacker can force Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Exposed dangerous method or function
EUVDB-ID: #VU81803
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42794
CWE-ID:
CWE-749 - Exposed Dangerous Method or Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Tomcat's internal fork of a Commons FileUpload included an unreleased, in progress refactoring that exposed a potential denial of service on Windows. A remote attacker can perform a denial of service attack by uploading multiple files to the server that are not removed.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Open redirect
EUVDB-ID: #VU80089
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-41080
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data, if the ROOT (default) web application is configured to use FORM authentication. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Sensitive cookie in HTTPS session without Secure attribute
EUVDB-ID: #VU73957
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28708
CWE-ID:
CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to Apache Tomcat does not set the "Secure" attribute for the JSESSIONID session cookie when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https. A remote attacker can force the application to transmit cookie via an insecure channel and intercept it.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper Handling of Exceptional Conditions
EUVDB-ID: #VU55422
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30639
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error management within the application when handling unexpected connection termination. A remote attacker can drop connection with the Apache Tomcat server, which triggers a non-blocking I/O error and causes all requests, handled by that request object, to fail. As a result, a remote attacker can initiate and drop connections to the server and perform a denial of service attack. MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU76417
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28709
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an incomplete fox for #VU72427 (CVE-2023-24998). If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU72427
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-24998
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
16) Code Injection
EUVDB-ID: #VU70666
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-45143
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate server output.
The vulnerability exists due to improper input validation within the JsonErrorReportValve when handling type, message or description values. A remote attacker can send a specially crafted request and manipulate or invalidate JSON output.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU68859
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42252
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers via an invalid
Content-Length header.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks but requires Tomcat to be configured to ignore invalid HTTP headers via setting
rejectIllegalHeader to false (not the default configuration).
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Cross-site scripting
EUVDB-ID: #VU64627
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-34305
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed to the form authentication example in the examples web application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
19) Data Handling
EUVDB-ID: #VU63225
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-29885
CWE-ID:
CWE-19 - Data Handling
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform DoS attack.
The vulnerability exists due to an error in documentation for the EncryptInterceptor, which incorrectly stated that it enabled Tomcat clustering to run over an untrusted network. A remote attacker can perform a denial of service attack against the exposed EncryptInterceptor.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
20) Security restrictions bypass
EUVDB-ID: #VU60079
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23181
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time of check, time of use flaw when configured to persist sessions using the FileStore. A local user can perform certain actions which lead to security restrictions bypass and privilege escalation (code execution with Tomcat process privileges).
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information disclosure
EUVDB-ID: #VU67714
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43980
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect implementation of blocking reads and writes. A remote attacker can trigger a concurrency bug and force client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource exhaustion
EUVDB-ID: #VU57389
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42340
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak when processing HTTP connections. A remote attacker can initiate multiple HTTP connections with the web server and consume all available memory on the system. Mitigation
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Infinite loop
EUVDB-ID: #VU56634
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-41079
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when processing certain TLS packets. A remote attacker can send a specially crafted packet to the application, consume all available system resources and cause denial of service conditions.
Successful exploitation of vulnerability requires that Apache Tomcat is configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS.
Install update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU55423
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33037
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests, related to processing of transfer encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper Authentication
EUVDB-ID: #VU55417
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30640
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the JNDI Realm when processing authentication requests. A remote attacker can authenticate using variations of a valid user name and bypass some of the protection provided by the LockOut Realm.
MitigationInstall update from vendor's website.
Vulnerable software versionsTomcat: before D.9.0.87.01
CPE2.3http://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04652en_us
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
