CVSS: 7.5EPSS: 21%CPEs: 74EXPL: 2CVE-2014-0050 – Apache Commons FileUpload and Apache Tomcat - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0050
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. MultipartStream.java en Apache Commons FileUpload anterior a 1.3.1, utilizado en Apache Tomcat, JBoss Web y otros productos, permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de una cabecera Content-Type manipulada que evade las condiciones de salida del bucle. A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. • https://www.exploit-db.com/exploits/31615 http://advisories.mageia.org/MGASA-2014-0110.html http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html http://jvn.jp/en/jp/JVN14876762/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017 http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E http://marc.info/?l=bugtraq&m=143136844732487&w=2 http://packetstormsecurity.com/files/127215/VMware& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2185 – Tomcat/JBossWeb: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2185
The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue ** EN DISPUTA ** ** El método readObject en la clase DiskFileItem en Apache Tomcat y JBoss Web, tal como se utiliza en la plataforma Red Hat JBoss Enterprise Application 6.1.0 y Red Hat JBoss Portal 6.0.0, permite a atacantes remotos para escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada, un problema similar a CVE-2013-2.186. NOTA: se ha informado que este problema es disputado por el equipo de Apache Tomcat, aunque Red Hat lo considera una vulnerabilidad. La disputa parece considerar si se trata de la responsabilidad de las aplicaciones para evitar que los datos no confiables para ser deserializados, o si esta clase debe proteger inherentemente contra este tema. • http://openwall.com/lists/oss-security/2014/10/24/12 http://rhn.redhat.com/errata/RHSA-2013-1193.html http://rhn.redhat.com/errata/RHSA-2013-1194.html http://rhn.redhat.com/errata/RHSA-2013-1265.html http://www.openwall.com/lists/oss-security/2013/09/05/4 https://access.redhat.com/security/cve/CVE-2013-2185 https://bugzilla.redhat.com/show_bug.cgi?id=974813 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 2.6EPSS: 0%CPEs: 31EXPL: 1CVE-2013-2071 – tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions
https://notcve.org/view.php?id=CVE-2013-2071
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. java/org/apache/catalina/core/AsyncContextImpl.java en Apache Tomcat v7.x anteriores a v7.0.40 no gestionan de forma adecuada el lanzamiento de RuntimeException en AsyncListener en application, lo que permite a atacantes dependiendo del contexto obtener una petición de información sensible solicitada en circunstancias adecuadas por otras aplicaciones que registran, las peticiones que se procesarán. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0040.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105855.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106342.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html http://marc.info/?l=bugtraq&m=139344248911289&w=2 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 43EXPL: 0CVE-2013-2067 – tomcat: Session fixation in form authenticator
https://notcve.org/view.php?id=CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. v6.0.21 hasta v6.0.36 y v7.x anteriores a v7.0.33 no maneja de forma adecuada las relaciones entre requisitos de autenticación y las sesiones, lo que permite a atacantes remotos a inyctar una petición en una sesión enviando esta petición durante el proceso de completado del formulario de login, es una variante del ataque de fijado de sesión. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-0839.html http://rhn.redhat.com/errata/RHSA-2013-0964.html http://rhn.redhat.com/errata/RHSA-2013-1437.html http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891 http://svn.apach • CWE-287: Improper Authentication CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 1CVE-2012-4431 – Tomcat/JBoss Web - Bypass of CSRF prevention filter
https://notcve.org/view.php?id=CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. org/apache/catalina/filters/CsrfPreventionFilter.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de v7.0.32 permite a atacantes remotos evitar el mecanismo de protección de CSRF a través de una petición que carece de un identificador de sesión. • https://github.com/imjdl/CVE-2012-4431 http://archives.neohapsis.com/archives/bugtraq/2012-12/0045.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http:&# • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •