Apache Tomcat 9.0.0.M1 Security Manager StatusManagerServlet Bypass

2016.02.23
Risk: Low
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2016-0706 Apache Tomcat Security Manager bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 6.0.0 to 6.0.44 - - Apache Tomcat 7.0.0 to 7.0.67 - - Apache Tomcat 8.0.0.RC1 to 8.0.30 - - Apache Tomcat 9.0.0.M1 - - Earlier, unsupported Tomcat versions may be affected Description: The StatusManagerServlet could be loaded by a web application when a security manager was configured. This servlet would then provide the web application with a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. This could have exposed sensitive information from other web applications such as session IDs to the web application. Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Tomcat 9.0.0.M3 or later (9.0.0.M2 has the fix but was not released) - - Upgrade to Apache Tomcat 8.0.32 or later (8.0.31 has the fix but was not released) - - Upgrade to Apache Tomcat 7.0.68 or later - - Upgrade to Apache Tomcat 6.0.45 or later Credit: This issue was discovered by The Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] http://tomcat.apache.org/security-6.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWyu9qAAoJEBDAHFovYFnny/0P/0VtkiCt56FeS3I42BlvjAne w/oqurmk/XoF/gof+VYxYuNOXMIwvgyGMjj21kZf+n2DjINXLHp9VFZ/APeSJ8kL XcnTL1EBK1JBdxsieIhGAfLMeDO04wO3uuorJHwJIBbl4ymh7N4A2fgciKgCmNyB y22TPT5Hz7iFCU8Ij6xsYJERpveUrenenAqbgjdcpILydbBoTqmZtZtWmPOFki90 cZo/2D0Av4H4SKh1PuCkzjk2DFXfyXcq+tDaX8dizPinQMQsbAX63BoYy5LrfWrJ epgY9Q0QziOyp7b5Z72AjQ3RJR7yZS/iT3wb37jceI3Dq/mpkWFggqEGkSpFdGX7 AhoqVXjFw9eakjst0k5LZ29+dD8Fqz+2umXlRwelsxInLNgDk67Z2XehqkWWb85b 64PFh3ZYj/8CxxV6ErGq0bBhpCsNHZffEzOT/Ebldjn/afHajne3Yd9SZEbbZO3U ejCSG2UziJ4t4mygnGyWaRCgKtjCrejzDZYicOICJEDE8enaPbNs0Ka8lR8fh21y U3avzYIu7MosqvqoEAleMkjXySWSufqGF0ugbtsZx1lisl9Zax0LfXbq5sLmdNMS fXhxu/1RfHfPS7NUP9YYs5OdWxCxecD/kiaxc3ArVVPdgAMSwlEyI59gSD/y7XPd fitNMHbOMz6qG/uxVfH0 =6KO+ -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top