Apache Tomcat 7.0.x < 7.0.74 / 8.0.x < 8.0.40 / 8.5.x < 8.5.9 / 9.x < 9.0.0.M15 DoS

Medium Nessus Network Monitor Plugin ID 9909

Synopsis

The remote web server is missing an Apache Tomcat patch update.

Description

The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.74, 8.0.x prior to 8.0.40, 8.5.x prior to 8.5.9, or 9.x prior to 9.0.0.M15. It is therefore affected by the following vulnerabilities:

- A flaw exists in the NIO HTTP connector that is triggered when handling send file errors, as a 'Processor' object may be shared among concurrent requests. This may allow a remote attacker to disclose sensitive information, such as session IDs or the response body, belonging to another request. (CVE-2016-8745)
- A flaw exists in the JSP engine that is triggered during the processing of HTTPS requests. This may allow a remote attacker to cause an infinite loop, which may consume excessive resources and lead to a denial of service condition. (CVE-2017-6056)

Solution

Update to Apache Tomcat version 9.0.0.M15 or later. If version 9.x cannot be obtained, versions 8.5.9, 8.0.40, and 7.0.74 have also been patched for these vulnerabilities.

See Also

https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M15

Plugin Details

Severity: Medium

ID: 9909

File Name: 9909.prm

Family: Web Servers

Published: 2017/01/25

Modified: 2017/02/22

Dependencies: 8928, 8931, 9715

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Patch Publication Date: 2016/12/08

Vulnerability Publication Date: 2016/11/24

Reference Information

CVE: CVE-2016-8745, CVE-2017-6056

BID: 94828

OSVDB: 148477, 152080