Page 12 of 168 results (0.017 seconds)

CVSS: 5.8EPSS: 0%CPEs: 183EXPL: 0

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. Apache Tomcat anterior a 6.0.39, 7.x anterior a 7.0.47 y 8.x anterior a 8.0.0-RC3, cuando se utiliza un conector HTTP o AJP, no maneja debidamente ciertas cabeceras de solicitud HTTP inconsistentes, lo que permite a atacantes remotos provocar una identificación incorrecta de la longitud de una solicitud y realizar ataques request-smuggling a través de (1) múltiples cabeceras de Content-Length o (2) una cabecera de Content-Length y una cabecera de "Transfer-Encoding: chunked". NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2005-2090. It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. • http://advisories.mageia.org/MGASA-2014-0148.html http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://rhn.redhat.com/errata/RHSA-2014-0343.html http://rhn.redhat.com/errata/RHSA-2014-0344.html http://rhn.redhat.com/errata/RHSA-2014-0345.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/57675 http://secunia.com/advisories/59036 http://secunia.com/advisories/59675 http:// • CWE-20: Improper Input Validation •

CVSS: 2.1EPSS: 0%CPEs: 54EXPL: 0

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." ** DISPUTADA ** Apache Tomcat 7.x utiliza permisos de lectura para todos para los directorios de registros LOG y sus archivos, lo que permitiría a usuarios locales obtener información sensible mediante la lectura de un archivo. NOTA: Un distribuidor Tomcat ha declarado "El directorio de registros LOG de Tomcat no contiene ninguna información sensible". • http://www.openwall.com/lists/oss-security/2013/02/23/5 https://bugzilla.redhat.com/show_bug.cgi?id=924841 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 21%CPEs: 74EXPL: 2

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. MultipartStream.java en Apache Commons FileUpload anterior a 1.3.1, utilizado en Apache Tomcat, JBoss Web y otros productos, permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de una cabecera Content-Type manipulada que evade las condiciones de salida del bucle. A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. • https://www.exploit-db.com/exploits/31615 http://advisories.mageia.org/MGASA-2014-0110.html http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html http://jvn.jp/en/jp/JVN14876762/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017 http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E http://marc.info/?l=bugtraq&m=143136844732487&w=2 http://packetstormsecurity.com/files/127215/VMware& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 93EXPL: 2

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator. ** DISPUTADO ** Vulnerabilidad de CSRF en la aplicación Manager en Apache Tomcat 5.5.25 y anteriores versiones permite a atacantes remotos secuestrar la autenticación de peticiones de administrador que manipulen la distribución de aplicaciones a través del método POST, tal tal y como se demuestra mediante la URI /manager/html/undeploy?path=. NOTA: el vendedor discute la importancia de este reporte, indicando que "el equipo de seguridad de Apache Tomcat no acepta ningún reporte de ataques CSRF contra la aplicación Manager ... ya que requieren un administrador de sistemas imprudente". • https://www.exploit-db.com/exploits/29435 http://www.webapp-security.com/wp-content/uploads/2013/11/Apache-Tomcat-5.5.25-CSRF-Vulnerabilities.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue ** EN DISPUTA ** ** El método readObject en la clase DiskFileItem en Apache Tomcat y JBoss Web, tal como se utiliza en la plataforma Red Hat JBoss Enterprise Application 6.1.0 y Red Hat JBoss Portal 6.0.0, permite a atacantes remotos para escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada, un problema similar a CVE-2013-2.186. NOTA: se ha informado que este problema es disputado por el equipo de Apache Tomcat, aunque Red Hat lo considera una vulnerabilidad. La disputa parece considerar si se trata de la responsabilidad de las aplicaciones para evitar que los datos no confiables para ser deserializados, o si esta clase debe proteger inherentemente contra este tema. • http://openwall.com/lists/oss-security/2014/10/24/12 http://rhn.redhat.com/errata/RHSA-2013-1193.html http://rhn.redhat.com/errata/RHSA-2013-1194.html http://rhn.redhat.com/errata/RHSA-2013-1265.html http://www.openwall.com/lists/oss-security/2013/09/05/4 https://access.redhat.com/security/cve/CVE-2013-2185 https://bugzilla.redhat.com/show_bug.cgi?id=974813 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •