tomcat:catalina 5.5.8-alpha vulnerabilities

Known vulnerabilities in the tomcat:catalina package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Cross-site Request Forgery (CSRF) tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a `/manager/html/undeploy?path=` URI. NOTE: the vendor disputes the significance of this report, stating that the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for `tomcat:catalina`.	[0,)
H Information Exposure tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Information Exposure. When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. This was fixed in revisions 782763 and783292. How to fix Information Exposure? There is no fixed version for `tomcat:catalina`.	[4.1.9,)
H Directory Traversal tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Directory Traversal. When deploying WAR files, the WAR file names were not checked for directory traversal attempts. How to fix Directory Traversal? There is no fixed version for `tomcat:catalina`.	[5.5.0,)
M Cross-site Scripting (XSS) tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The calendar example application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective. This allows an attack using the time attribute. How to fix Cross-site Scripting (XSS)? Upgrade `tomcat:catalina` to version 4.1.40, 5.5.28 or higher.	[4.1.0,4.1.40)[5.5.0,5.5.28)
H Authentication Bypass tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Authentication Bypass. By default, Tomcat automatically deploys any directories placed in ahost's `appBase`. This behaviour is controlled by the autoDeploy `attributeof`which defaults to true. Depending on circumstances, files normally protected by one or more security constraints may be deployed without those security constraints, making them accessible without authentication. Note: This issue only affects Windows platforms.This was fixed in revision 892815. How to fix Authentication Bypass? There is no fixed version for `tomcat:catalina`.	[0,)
H Access Restriction Bypass tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Access Restriction Bypass. It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. How to fix Access Restriction Bypass? Upgrade `tomcat:catalina` to version 5.5.24 or higher.	[4.0.4,5.5.24)
M Timing Attack tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Timing Attack. The `setGlobalContext` method in `ResourceLinkFactory.java` does not consider whether callers to this method are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. How to fix Timing Attack? Upgrade `tomcat:catalina` to version 5.5.24 or higher.	[4,5.5.24)
M Cross-site Scripting (XSS) `tomcat:catalina` Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.	[5.5,5.5.32)
M Access Restriction Bypass tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Access Restriction Bypass. The HTTP Digest Access Authentication implementation in Apache Tomcat. It does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. How to fix Access Restriction Bypass? Upgrade `tomcat:catalina` to version 5.5.34 or higher.	[5.5,5.5.34)
M Denial of Service (DoS) `tomcat:catalina` Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.	[,5.5.35)
M Improper Authentication `tomcat:catalina` The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.	[5.5,5.5.34)
M Improper Input Validation tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Input Validation. When sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. How to fix Improper Input Validation? Upgrade `tomcat:catalina` to version 5.5.34 or higher.	[5.5,5.5.34)
L Directory Traversal tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Directory Traversal. When running within a SecurityManager, does not make the `ServletContext` attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. How to fix Directory Traversal? Upgrade `tomcat:catalina` to version 5.5.30 or higher.	[5.5.0,5.5.30)
L Information Exposure `tomcat:catalina` Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.	[5.5,5.5.29)
L Information Exposure `tomcat:catalina` Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.	[5.5,5.5.34)
M Denial of Service (DoS) `tomcat:catalina` Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.	[5.5,5.5.35)
M Access Restriction Bypass `tomcat:catalina` The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.	[5.5,5.5.36)
M Improper Authentication `tomcat:catalina` The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.	[5.5,5.5.36)
M Improper Authentication `tomcat:catalina` The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.	[5.5,5.5.36)
M Access Restriction Bypass `tomcat:catalina` The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.	[,5.5.34)
M Cryptographic Issues `tomcat:catalina` DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.	[5.5,5.5.34)

Vulnerability

Vulnerable Version

Cross-site Request Forgery (CSRF)

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.

How to fix Cross-site Request Forgery (CSRF)?

There is no fixed version for tomcat:catalina.

[0,)

Information Exposure

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Information Exposure. When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. This was fixed in revisions 782763 and783292.

How to fix Information Exposure?

There is no fixed version for tomcat:catalina.

[4.1.9,)

Directory Traversal

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Directory Traversal. When deploying WAR files, the WAR file names were not checked for directory traversal attempts.

How to fix Directory Traversal?

There is no fixed version for tomcat:catalina.

[5.5.0,)

Cross-site Scripting (XSS)

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The calendar example application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective. This allows an attack using the time attribute.

How to fix Cross-site Scripting (XSS)?

Upgrade tomcat:catalina to version 4.1.40, 5.5.28 or higher.

[4.1.0,4.1.40)[5.5.0,5.5.28)

Authentication Bypass

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Authentication Bypass. By default, Tomcat automatically deploys any directories placed in ahost's appBase. This behaviour is controlled by the autoDeploy attributeofwhich defaults to true. Depending on circumstances, files normally protected by one or more security constraints may be deployed without those security constraints, making them accessible without authentication.

Note: This issue only affects Windows platforms.This was fixed in revision 892815.

How to fix Authentication Bypass?

There is no fixed version for tomcat:catalina.

[0,)

Access Restriction Bypass

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Access Restriction Bypass. It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

How to fix Access Restriction Bypass?

Upgrade tomcat:catalina to version 5.5.24 or higher.

[4.0.4,5.5.24)

Timing Attack

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Timing Attack. The setGlobalContext method in ResourceLinkFactory.java does not consider whether callers to this method are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

How to fix Timing Attack?

Upgrade tomcat:catalina to version 5.5.24 or higher.

[4,5.5.24)

Cross-site Scripting (XSS)

tomcat:catalina Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

[5.5,5.5.32)

Access Restriction Bypass

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Access Restriction Bypass. The HTTP Digest Access Authentication implementation in Apache Tomcat. It does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

How to fix Access Restriction Bypass?

Upgrade tomcat:catalina to version 5.5.34 or higher.

[5.5,5.5.34)

Denial of Service (DoS)

tomcat:catalina Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

[,5.5.35)

Improper Authentication

tomcat:catalina The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

[5.5,5.5.34)

Improper Input Validation

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Improper Input Validation. When sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

How to fix Improper Input Validation?

Upgrade tomcat:catalina to version 5.5.34 or higher.

[5.5,5.5.34)

Directory Traversal

tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations.

Affected versions of this package are vulnerable to Directory Traversal. When running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

How to fix Directory Traversal?

Upgrade tomcat:catalina to version 5.5.30 or higher.

[5.5.0,5.5.30)

Information Exposure

tomcat:catalina Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

[5.5,5.5.29)

Information Exposure

tomcat:catalina Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

[5.5,5.5.34)

Denial of Service (DoS)

tomcat:catalina Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

[5.5,5.5.35)

Access Restriction Bypass

tomcat:catalina The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

[5.5,5.5.36)

Improper Authentication

tomcat:catalina The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

[5.5,5.5.36)

Improper Authentication

tomcat:catalina The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

[5.5,5.5.36)

Access Restriction Bypass

tomcat:catalina The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

[,5.5.34)

Cryptographic Issues

tomcat:catalina DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

[5.5,5.5.34)

tomcat:catalina@5.5.8-alpha vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?