
CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
• http://www.debian.org/security/2016/dsa-3738
• http://www.debian.org/security/2016/dsa-3739
• http://www.openwall.com/lists/oss-security/2016/12/02/10
• http://www.openwall.com/lists/oss-security/2016/12/02/5
• http://www.securityfocus.com/bid/94643
• http://www.ubuntu.com/usn/USN-3177-1
• http://www.ubuntu.com/usn/USN-3177-2
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393
• https://security.netapp.com/advisory/ntap-20180731-0002
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 9.8 | EPSS: 74% | CPEs: 56 | EXPL: 0

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427.
• http://rhn.redhat.com/errata/RHSA-2017-0457.html
• http://seclists.org/oss-sec/2016/q4/502
• http://svn.apache.org/viewvc?view=revision&revision=1767644
• http://svn.apache.org/viewvc?view=revision&revision=1767656
• http://svn.apache.org/viewvc?view=revision&revision=1767676
• http://svn.apache.org/viewvc?view=revision&revision=1767684
• http://tomcat.apache.org/security-6.html
• http://tomcat.apache.org/security-7.html
• http://tomcat.apache.org/security-8.html
• http://tomcat.apache.org&#x
• CWE-502: Deserialization of Untrusted Data

CVSS: 7.1 | EPSS: 0% | CPEs: 178 | EXPL: 1

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
• https://www.exploit-db.com/exploits/41783
• http://rhn.redhat.com/errata/RHSA-2017-0244.html
• http://rhn.redhat.com/errata/RHSA-2017-0245.html
• http://rhn.redhat.com/errata/RHSA-2017-0246.html
• http://rhn.redhat.com/errata/RHSA-2017-0247.html
• http://rhn.redhat.com/errata/RHSA-2017-0250.html
• http://rhn.redhat.com/errata/RHSA-2017-0457.html
• http://rhn.redhat.com/errata/RHSA-2017-0527.html
• http://www.debian.org/security/2016/dsa-3738
• http://www.oracle.com/
• CWE-20: Improper Input Validation
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 7.5 | EPSS: 0% | CPEs: 138 | EXPL: 0

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards, where it appears that the refactoring of the Connector code made the bug more likely to be observed. Initially it was thought that the 8.5.x refactoring introduced the bug, but further investigation has shown that the bug is present in all currently supported Tomcat versions.
• http://rhn.redhat.com/errata/RHSA-2017-0457.html
• http://rhn.redhat.com/errata/RHSA-2017-0527.html
• http://www.debian.org/security/2017/dsa-3754
• http://www.debian.org/security/2017/dsa-3755
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.securityfocus.com/bid/94828
• http://www.securitytracker.com/id/1037432
• https://access.redhat.com/errata/RHSA-2017:0455
• https://a
• CWE-388: 7PK - Errors

CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 1

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. Apache Tomcat versions 8.0.36-2 and below, 7.0.70-2 and below, and 6.0.45+dfsg-1~deb8ul and below suffer from a local root privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/40450
• http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html
• http://packetstormsecurity.com/files/170857/Apache-Tomcat-On-Ubuntu-Log-Init-Privilege-Escalation.html
• http://rhn.redhat.com/errata/RHSA-2017-0457.html
• http://www.debian.org/security/2016/dsa-3669
• http://www.debian.org/security/2016/dsa-3670
• http://www.securityfocus.com/archive/1/539519/100/0/threaded
• http://www.securityfocus.com/bid/93263
• http&#
• CWE-20: Improper Input Validation
• CWE-284: Improper Access Control