Apache Tomcat 7.0.x < 7.0.55 Multiple Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote Apache Tomcat server is affected by multiple

Description :

According to its self-reported version number, the Apache Tomcat
service listening on the remote host is 7.0.x prior to 7.0.55. It is,
therefore, affected by the following vulnerabilities :

- A race condition exists in the ssl3_read_bytes()
function when SSL_MODE_RELEASE_BUFFERS is enabled. This
allows a remote attacker to inject data across sessions
or cause a denial of service. (CVE-2010-5298)

- A buffer overflow error exists related to invalid DTLS
fragment handling that can lead to the execution of
arbitrary code. Note that this issue only affects
OpenSSL when used as a DTLS client or server.

- An error exists in the do_ssl3_write() function that
allows a NULL pointer to be dereferenced, resulting in a
denial of service. Note that this issue is exploitable
only if 'SSL_MODE_RELEASE_BUFFERS' is enabled.

- An error exists related to DTLS handshake handling that
can lead to denial of service attacks. Note that this
issue only affects OpenSSL when used as a DTLS client.

- An unspecified error exists in how ChangeCipherSpec
messages are processed that can allow an attacker to
cause usage of weak keying material, leading to
simplified man-in-the-middle attacks. (CVE-2014-0224)

- An error exists in 'ChunkedInputFilter.java' due to
improper handling of attempts to continue reading data
after an error has occurred. This allows a remote
attacker, via streaming data with malformed chunked
transfer coding, to conduct HTTP request smuggling or
cause a denial of service. (CVE-2014-0227)

- An error exists due to a failure to limit the size of
discarded requests. A remote attacker can exploit this
to exhaust available memory resources, resulting in a
denial of service condition. (CVE-2014-0230)

- An unspecified error exists related to anonymous ECDH
cipher suites that can allow denial of service attacks.
Note that this issue only affects OpenSSL TLS clients.

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.
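
The version-only check described in the note above can be reproduced for an inventory of collected banners. The following is an added example, not Tenable's plugin code; it assumes the "Apache Tomcat/x.y.z" ServerInfo string (as printed by version.sh and shown on default error pages), and the sample lines are constructed.

```python
import re

# First fixed release named on this page; affected range is 7.0.x < 7.0.55.
FIXED = (7, 0, 55)

# ServerInfo string format, e.g. "Apache Tomcat/7.0.54".
_BANNER = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a banner line, or None if absent."""
    m = _BANNER.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1, 2, 3))


def classify(text):
    """Map a self-reported banner to affected / not_affected / out_of_scope / unknown."""
    version = parse_version(text)
    if version is None:
        return "unknown"          # no version disclosed; this check cannot decide
    if version[:2] != FIXED[:2]:
        return "out_of_scope"     # other branches are covered by other advisories
    # Compare as integers: as strings, "7.0.6" would sort after "7.0.55".
    return "affected" if version < FIXED else "not_affected"


def audit(lines):
    """Classify every collected banner line, preserving input order."""
    return [(line, classify(line)) for line in lines]


# Constructed sample input (not taken from a real scan).
SAMPLES = [
    "Server version: Apache Tomcat/7.0.54",
    "<h3>Apache Tomcat/7.0.6</h3>",
    "Server version: Apache Tomcat/7.0.55",
    "Server version: Apache Tomcat/8.0.9",
    "Server: Apache-Coyote/1.1",
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLES):
        print(f"{verdict:13} {line}")
```

A result from this kind of check is only as reliable as the banner: builds with backported fixes or an edited ServerInfo string report a version that does not reflect the code actually running.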

Solution :

Upgrade to Apache Tomcat version 7.0.55 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
