org.apache.tomcat:tomcat-catalina@9.0.67 vulnerabilities

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Uncaught Exception due to the custom Jakarta Authentication ServerAuthContext component which may throw an exception during the authentication process without setting an HTTP status to indicate failure. An attacker can gain unauthorized access by exploiting this unchecked error condition.

Note:

This is only exploitable if Tomcat is configured to use a custom Jakarta Authentication ServerAuthContext component that behaves in this way. According to the maintainers, no such cases are known.

Upgrade org.apache.tomcat:tomcat-catalina to version 9.0.96, 10.1.31, 11.0.0 or higher.

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Improper Input Validation due to the improper parsing of HTTP trailer headers. An attacker can manipulate the server into treating a single request as multiple requests by sending a trailer header that exceeds the header size limit. This could lead to request smuggling when the server is behind a reverse proxy.

Upgrade org.apache.tomcat:tomcat-catalina to version 8.5.96, 9.0.83, 10.1.16, 11.0.0-M10 or higher.

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Incomplete Cleanup when recycling various internal objects. An error could cause some parts of the recycling process to be skipped, leading to information leaking from the current request/response to the next. An attacker can gain unauthorised access to sensitive information by exploiting this error.

Upgrade org.apache.tomcat:tomcat-catalina to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or higher.

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Access Restriction Bypass. If the ROOT (default) web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to an URL of the attackers choice.

The vulnerability is limited to the ROOT (default) web application.

Upgrade org.apache.tomcat:tomcat-catalina to version 8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 or higher.

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Unprotected Transport of Credentials when using the RemoteIpFilter with requests received from a reverse proxy via HTTP, in which the X-Forwarded-Proto header is set to https. Session cookies do not include the secure attribute, so the user agent may transmit the session cookie over an insecure channel.

Upgrade org.apache.tomcat:tomcat-catalina to version 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3 or higher.

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker sends a large number of request parts in a series of uploads or a single multipart upload.

NOTE: After upgrading to the fixed version, the setFileCountMax() must be explicitly set to avoid this vulnerability.

Upgrade org.apache.tomcat:tomcat-catalina to version 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3 or higher.

org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Improper Input Validation such that the JsonErrorReportValve does not escape the type, message or description values. In some circumstances these are constructed from user provided data and it is possible for users to supply values that invalidate or manipulate the JSON output.

Upgrade org.apache.tomcat:tomcat-catalina to version 8.5.84, 9.0.69, 10.1.2 or higher.