Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30
does not properly handle chunk extensions in chunked
transfer coding, which allows remote attackers to cause
a denial of service by streaming data. (CVE-2012-3544)

- Unspecified vulnerability in the Javadoc component in
Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21
and earlier; and OpenJDK 7 allows remote attackers to
affect integrity via unknown vectors related to Javadoc.
NOTE: the previous information is from the June 2013
CPU. Oracle has not commented on claims from another
vendor that this issue is related to frame injection in
HTML that is generated by Javadoc. (CVE-2013-1571)

- Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x
before 8.0.0-RC3, when an HTTP connector or AJP
connector is used, does not properly handle certain
inconsistent HTTP request headers, which allows remote
attackers to trigger incorrect identification of a
request's length and conduct request-smuggling attacks
via (1) multiple Content-Length headers or (2) a
Content-Length header and a 'Transfer-Encoding: chunked'
header. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2005-2090. (CVE-2013-4286)

- Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x
before 8.0.0-RC10 processes chunked transfer coding
without properly handling (1) a large total amount of
chunked data or (2) whitespace characters in an HTTP
header value within a trailer field, which allows remote
attackers to cause a denial of service by streaming
data. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2012-3544. (CVE-2013-4322)

- Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x
before 8.0.0-RC10 allows attackers to obtain 'Tomcat
internals' information by leveraging the presence of an
untrusted web application with a context.xml, web.xml,

*.jspx, *.tagx, or *.tld XML document containing an
external entity declaration in conjunction with an
entity reference, related to an XML External Entity
(XXE) issue. (CVE-2013-4590)

- org/apache/catalina/connector/CoyoteAdapter.java in
Apache Tomcat 6.0.33 through 6.0.37 does not consider
the disableURLRewriting setting when handling a session
ID in a URL, which allows remote attackers to conduct
session fixation attacks via a crafted URL.
(CVE-2014-0033)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?3e922378

Solution :

Upgrade to Solaris 11.1.19.6.0.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Public Exploit Available : true

Family: Solaris Local Security Checks

Nessus Plugin ID: 80793 ()

Bugtraq ID:

CVE ID: CVE-2012-3544
CVE-2013-1571
CVE-2013-4286
CVE-2013-4322
CVE-2013-4590
CVE-2014-0033

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now