#VU51012 Deserialization of Untrusted Data in Apache Tomcat - CVE-2021-25329

Cybersecurity Help s.r.o.

Published: 2021-03-01

Vulnerability identifier: #VU51012

Vulnerability risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-25329

CWE-ID: CWE-502

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Note, the vulnerability exists due to incomplete fix for #VU28158 and requires a certain specific configuration.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache Tomcat: 7.0.0 - 7.0.107, 8.0.0 RC1 - 8.0.53, 8.5.0 - 8.5.62, 9.0.0-M1 - 9.0.42, 10.0.0-M1 - 10.0.1

External links
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for tomcat7

Multiple vulnerabilities in Dell Unity, Dell UnityVSA, and Dell Unity XT

Multiple vulnerabilities in Dell Storage Monitoring and Reporting (SMR)

Multiple vulnerabilities in IBM QRadar SIEM

Gentoo update for Apache Tomcat

Ubuntu update for tomcat9

Multiple vulnerabilities in Dell EMC VxRail Appliance

Multiple vulnerabilities in Red Hat JBoss Web Server

SUSE update for tomcat

SUSE update for tomcat6