Summary
This host is running Apache Tomcat and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to gain access to potentially sensitive internal information or crash the program.
Impact Level: Application
Solution
Upgrade to version 6.0.39, 7.0.50, 8.0.0-RC10 or later. For updates, refer to http://tomcat.apache.org
Insight
The flaws are due to:
- An error when handling a request with a specially crafted malformed header (i.e. whitespace after the : in a trailing header).
- Improper parsing of XML data by an incorrectly configured XML parser that accepts XML external entities from an untrusted source.
Affected
Apache Tomcat versions before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10
Detection
Get the installed version of Apache Tomcat with the help of the detect NVT and check whether the version is vulnerable.
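The version check described above, written out as an added example (not the NVT's own code). The function names are hypothetical, the banner format `Apache Tomcat/<version>` is assumed to be what the detection step reports, and releases older than 6.x are treated as affected because the page says "before 6.0.39".

```python
import re

# First fixed release per branch, from the "Affected" and "Solution" sections.
FIXED = {6: "6.0.39", 7: "7.0.50", 8: "8.0.0-RC10"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]?RC(\d+))?$", re.IGNORECASE)
_BANNER_RE = re.compile(r"Apache Tomcat/([0-9][0-9A-Za-z.\-]*)")
_FINAL = float("inf")  # a final release sorts after all of its release candidates


def version_from_banner(text):
    """Extract the version string from a banner or error page, or return None."""
    m = _BANNER_RE.search(text)
    return m.group(1).rstrip(".") if m else None


def parse_version(text):
    """Return (major, minor, patch, rc), or None if the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else _FINAL
    return (major, minor, patch, rc)


def is_vulnerable(version):
    """True or False for a recognised version; None when it cannot be judged."""
    parsed = parse_version(version)
    if parsed is None:
        return None  # report as "unknown" rather than guessing
    major = parsed[0]
    if major > max(FIXED):
        return False  # branches newer than 8.x are not listed as affected
    # Branches older than 6.x are compared against the 6.x fix.
    fixed = parse_version(FIXED[max(major, min(FIXED))])
    return parsed < fixed


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for banner in ("<h3>Apache Tomcat/7.0.47</h3>", "Apache Tomcat/8.0.0-RC5",
                   "Apache Tomcat/8.0.0-RC10", "Apache Tomcat/6.0.39"):
        version = version_from_banner(banner)
        print(version, "vulnerable" if is_vulnerable(version) else "not vulnerable")
```

A version-only check cannot see vendor backports, so a distribution package that reports an older version string may already carry the fix.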
References
Severity
Classification
- CVE: CVE-2013-4322, CVE-2013-4590
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P