CVE-2019-10072 – Apache Tomcat reserveWindowSize Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-10072
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS. This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Apache Tomcat.
• http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html http://www.securityfocus.com/bid/108874 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14
• CWE-400: Uncontrolled Resource Consumption; CWE-667: Improper Locking
CVE-2019-0221 – Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user-provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
• https://www.exploit-db.com/exploits/50119 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/May/50 http://www.securityfocus.com/bid/108545 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://lists.apache&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-2684 – OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
https://notcve.org/view.php?id=CVE-2019-2684
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. This difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/09/01/4 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.re
CVE-2019-0232 – Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
• https://www.exploit-db.com/exploits/47073 https://github.com/pyn3rd/CVE-2019-0232 https://github.com/jas502n/CVE-2019-0232 https://github.com/jaiguptanick/CVE-2019-0232 https://github.com/setrus/CVE-2019-0232 https://github.com/cyy95/CVE-2019-0232-EXP https://github.com/xsxtw/CVE-2019-0232 https://github.com/Nicoslo/Windows-exploitation-Apache-Tomcat-8.5.19-CVE-2019-0232- https://github.com/Nicoslo/Windows-Exploitation-Web-Server-Tomcat-8.5.39-CVE-2019-0232 http:&
• CWE-20: Improper Input Validation; CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-0199 – tomcat: Apache Tomcat HTTP/2 DoS
https://notcve.org/view.php?id=CVE-2019-0199
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS. A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html http://www.securityfocus.com/bid/107674 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thre
• CWE-400: Uncontrolled Resource Consumption