CVE-2011-2526 – tomcat: security manager restrictions bypass
https://notcve.org/view.php?id=CVE-2011-2526
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. Apache Tomcat v5.5.x anterior a v5.5.34, v6.x anterior a v6.0.33, y v7.x anterior a v7.0.19, cuando sendfile está habilitado para el conector HTTP APR o HTTP NIO, no valida ciertos atributos en la solicitud, permitiendo a usuarios locales eludir las restricciones de acceso a archivos o causar una denegación de servicio (bucle infinito o caída de JVM) mediante el aprovechamiento de una aplicación web no confiable. • http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://osvdb.org/73797 http://osvdb.org/73798 http://rhn.redhat.com/errata/RHSA-2012-0074.html http://rhn.redhat.com/errata/RHSA-2012-0075.html http://rhn.redhat.com/errata/RHSA-2012-0076.html http://rhn.redhat.com/errata/RHSA-2012-0077.html http: • CWE-20: Improper Input Validation •
CVE-2011-2204 – tomcat: password disclosure vulnerability
https://notcve.org/view.php?id=CVE-2011-2204
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat v5.5.x antes de v5.5.34, v6.0.33 antes de v6.x, v7.x antes de v7.0.17, cuando el MemoryUserDatabase se utiliza, crea entradas del registro que contienen las contraseñas al encontrar errores en la creación de usuarios JMX, lo que permite a usuarios locales obtener información sensible mediante la lectura de un archivo de registro. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/44981 http://secunia.com/advisories/48308 http://secunia.com/advisories/57126 http://securitytracker.com/id? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-1582
https://notcve.org/view.php?id=CVE-2011-1582
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419. Apache Tomcat v7.0.12 y v7.0.13 procesa la primera petición a un servlet sin seguir las restricciones de seguridad que se han configurado a través de anotaciones, que permite a atacantes remotos evitar las restricciones de acceso previstas a través de peticiones HTTP. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2011-1088, CVE-2011-1183, y CVE-2011-1419. • http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103%40apache.org%3E http://securityreason.com/securityalert/8256 http://svn.apache.org/viewvc?view=revision&revision=1100832 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29 http://www.securityfocus.com/archive/1/518032/100/0/threaded http://www.securityfocus.com/bid/47886 http://www.vupen.com/english/advisories/2011/1255 https://exchange.xforce.ibmcloud& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-1475
https://notcve.org/view.php?id=CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." El conector HTTP BIO en Apache Tomcat v7.0.x anterior a v7.0.12 no controla correctamente HTTP "pipelining", permitiendo a atacantes remotos leer las respuestas para otros clientes en circunstancias oportunistas mediante la examinación de los datos de la aplicación en paquetes HTTP, relacionado con una "una mezcla de respuestas a las peticiones de los diferentes usuarios" • https://github.com/samaujs/CVE-2011-1475 http://seclists.org/fulldisclosure/2011/Apr/97 http://securityreason.com/securityalert/8188 http://svn.apache.org/viewvc?view=revision&revision=1086349 http://svn.apache.org/viewvc?view=revision&revision=1086352 http://tomcat.apache.org/security-7.html http://www.securityfocus.com/archive/1/517363 http://www.securityfocus.com/bid/47199 http://www.securitytracker.com/id?1025303 http://www.vupen.com/english/advisories/2011/0894 https://ex • CWE-20: Improper Input Validation •
CVE-2011-1183
https://notcve.org/view.php?id=CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419. Apache Tomcat v7.0.11, cuando web.xml no tiene configuración de login, no se siguen las restricciones de seguridad, permitiendo a atacantes remotos evitar las restricciones de acceso a través de peticiones HTTP a los meta-datos de la aplicación web. NOTA: esta vulnerabilidad existe debido a un parche incorrecto para CVE-2011-1088 y CVE-2011-1419. • http://seclists.org/fulldisclosure/2011/Apr/96 http://securityreason.com/securityalert/8187 http://svn.apache.org/viewvc?view=revision&revision=1087643 http://tomcat.apache.org/security-7.html http://www.securityfocus.com/archive/1/517362/100/0/threaded http://www.securityfocus.com/bid/47196 https://exchange.xforce.ibmcloud.com/vulnerabilities/66675 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701 •