Upgrade RHEL:7 poppler-qt-devel to version 0:0.26.5-17.el7_4 or higher. This issue was patched in RHSA-2017:2551 .

tomcat:catalina 4.1.9 vulnerabilities

Known vulnerabilities in the tomcat:catalina package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Information Exposure tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Information Exposure. When using the SingleSignOn Valve via https, the Cookie `JSESSIONIDSSO` is transmitted without the `secure` attribute, resulting in it being transmitted to any concurrent request that is sent via HTTP. How to fix Information Exposure? Upgrade `tomcat:catalina` to version 5.0.16 or higher.	[4.1.0,5.0.16)
M Cross-site Request Forgery (CSRF) tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a `/manager/html/undeploy?path=` URI. NOTE: the vendor disputes the significance of this report, stating that the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for `tomcat:catalina`.	[0,)
H Information Exposure tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Information Exposure. When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. This was fixed in revisions 782763 and783292. How to fix Information Exposure? There is no fixed version for `tomcat:catalina`.	[4.1.9,)
M Cross-site Scripting (XSS) tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The calendar example application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective. This allows an attack using the time attribute. How to fix Cross-site Scripting (XSS)? Upgrade `tomcat:catalina` to version 4.1.40, 5.5.28 or higher.	[4.1.0,4.1.40)[5.5.0,5.5.28)
H Authentication Bypass tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Authentication Bypass. By default, Tomcat automatically deploys any directories placed in ahost's `appBase`. This behaviour is controlled by the autoDeploy `attributeof`which defaults to true. Depending on circumstances, files normally protected by one or more security constraints may be deployed without those security constraints, making them accessible without authentication. Note: This issue only affects Windows platforms.This was fixed in revision 892815. How to fix Authentication Bypass? There is no fixed version for `tomcat:catalina`.	[0,)
H Access Restriction Bypass tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Access Restriction Bypass. It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. How to fix Access Restriction Bypass? Upgrade `tomcat:catalina` to version 5.5.24 or higher.	[4.0.4,5.5.24)
M Timing Attack tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Timing Attack. The `setGlobalContext` method in `ResourceLinkFactory.java` does not consider whether callers to this method are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. How to fix Timing Attack? Upgrade `tomcat:catalina` to version 5.5.24 or higher.	[4,5.5.24)
M Denial of Service (DoS) `tomcat:catalina` Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.	[,5.5.35)
M Access Restriction Bypass `tomcat:catalina` The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.	[,5.5.34)

Vulnerability

Vulnerable Version

Information Exposure

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Information Exposure. When using the SingleSignOn Valve via https, the Cookie JSESSIONIDSSO is transmitted without the secure attribute, resulting in it being transmitted to any concurrent request that is sent via HTTP.

How to fix Information Exposure?

Upgrade tomcat:catalina to version 5.0.16 or higher.

[4.1.0,5.0.16)

Cross-site Request Forgery (CSRF)

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.

How to fix Cross-site Request Forgery (CSRF)?

There is no fixed version for tomcat:catalina.

[0,)

Information Exposure

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Information Exposure. When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. This was fixed in revisions 782763 and783292.

How to fix Information Exposure?

There is no fixed version for tomcat:catalina.

[4.1.9,)

Cross-site Scripting (XSS)

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The calendar example application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective. This allows an attack using the time attribute.

How to fix Cross-site Scripting (XSS)?

Upgrade tomcat:catalina to version 4.1.40, 5.5.28 or higher.

[4.1.0,4.1.40)[5.5.0,5.5.28)

Authentication Bypass

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Authentication Bypass. By default, Tomcat automatically deploys any directories placed in ahost's appBase. This behaviour is controlled by the autoDeploy attributeofwhich defaults to true. Depending on circumstances, files normally protected by one or more security constraints may be deployed without those security constraints, making them accessible without authentication.

Note: This issue only affects Windows platforms.This was fixed in revision 892815.

How to fix Authentication Bypass?

There is no fixed version for tomcat:catalina.

[0,)

Access Restriction Bypass

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Access Restriction Bypass. It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

How to fix Access Restriction Bypass?

Upgrade tomcat:catalina to version 5.5.24 or higher.

[4.0.4,5.5.24)

Timing Attack

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Timing Attack. The setGlobalContext method in ResourceLinkFactory.java does not consider whether callers to this method are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

How to fix Timing Attack?

Upgrade tomcat:catalina to version 5.5.24 or higher.

[4,5.5.24)

Denial of Service (DoS)

tomcat:catalina Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

[,5.5.35)

Access Restriction Bypass

tomcat:catalina The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

[,5.5.34)

tomcat:catalina@4.1.9 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?