openEuler 24.03 LTS update for tomcat
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2021-43980 CVE-2022-25762 CVE-2023-44487 CVE-2023-46589 CVE-2024-23672 CVE-2024-24549 CVE-2024-34750 CVE-2024-52318 |
| CWE-ID | CWE-200 CWE-388 CWE-400 CWE-444 CWE-20 CWE-399 CWE-79 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #3 is being exploited in the wild. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
openEuler Operating systems & Components / Operating system tomcat-jsvc Operating systems & Components / Operating system package or component tomcat-help Operating systems & Components / Operating system package or component tomcat Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU67714
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43980
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect implementation of blocking reads and writes. A remote attacker can trigger a concurrency bug and force client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Error Handling
EUVDB-ID: #VU63299
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25762
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when handling WebSocket connections. If a web application sends a WebSocket message concurrently with the
WebSocket connection closing, it is possible that the application will
continue to use the socket after it has been closed. As a result, subsequent connections can use the
same object concurrently and share data and/or other errors.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU81728
Risk: High
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-44487
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU83533
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46589
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when parsing malformed trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource exhaustion
EUVDB-ID: #VU87509
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23672
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can keep WebSocket connections open for a long time to trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU87510
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-24549
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling HTTP/2 requests. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Resource management error
EUVDB-ID: #VU93732
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34750
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling HTTP/2 stream. A remote attacker can initiate multiple HTTP/2 connections to the server that are remain open and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Cross-site scripting
EUVDB-ID: #VU100591
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-52318
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in generated JSPs. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 24.03 LTS
tomcat-jsvc: before 9.0.96-2
tomcat-help: before 9.0.96-2
tomcat: before 9.0.96-2
CPE2.3- cpe:2.3:o:openeuler:openeuler:24.03:LTS:*:*:*:*:*:
- cpe:2.3:o:openeuler:tomcat-jsvc:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat-help:*:*:*:*:*:openeuler:*:
- cpe:2.3:o:openeuler:tomcat:*:*:*:*:*:openeuler:*:
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
