Oracle Solaris Third-Party Patch Update : tomcat (cve_2014_0075_numeric_errors)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/
http11/filters/ChunkedInputFilter.java in Apache Tomcat
before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4
allows remote attackers to cause a denial of service
(resource consumption) via a malformed chunk size in
chunked transfer coding of a request during the
streaming of data. (CVE-2014-0075)

- java/org/apache/catalina/servlets/DefaultServlet.java in
the default servlet in Apache Tomcat before 6.0.40, 7.x
before 7.0.53, and 8.x before 8.0.4 does not properly
restrict XSLT stylesheets, which allows remote attackers
to bypass security-manager restrictions and read
arbitrary files via a crafted web application that
provides an XML external entity declaration in
conjunction with an entity reference, related to an XML
External Entity (XXE) issue. (CVE-2014-0096)

- Integer overflow in
java/org/apache/tomcat/util/buf/Ascii.java in Apache
Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before
8.0.4, when operated behind a reverse proxy, allows
remote attackers to conduct HTTP request smuggling
attacks via a crafted Content-Length HTTP header.
(CVE-2014-0099)

- Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x
before 8.0.6 does not properly constrain the class
loader that accesses the XML parser used with an XSLT
stylesheet, which allows remote attackers to (1) read
arbitrary files via a crafted web application that
provides an XML external entity declaration in
conjunction with an entity reference, related to an XML
External Entity (XXE) issue, or (2) read files
associated with different web applications on a single
Tomcat instance via a crafted web application.
(CVE-2014-0119)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?5da2ca5d
http://www.nessus.org/u?1090244c
http://www.nessus.org/u?a2adec04
http://www.nessus.org/u?3fc37c65

Solution :

Upgrade to Solaris 11.1.21.4.1.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Solaris Local Security Checks

Nessus Plugin ID: 80794 ()

Bugtraq ID:

CVE ID: CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
CVE-2014-0119

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now