Summary
This host is running Apache Tomcat and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to gain access to potentially sensitive internal information or crash the program.
Impact Level: Application
Solution
Upgrade to version 6.0.39, 7.0.50, 8.0.0-RC10 or later. For updates refer to http://tomcat.apache.org
Insight
Multiple flaws are due to:
- An error when handling a request with a specially crafted malformed header (i.e. whitespace after the : in a trailing header).
- Improper parsing of XML data by an incorrectly configured XML parser that accepts XML external entities from an untrusted source.
Affected
Apache Tomcat versions before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10
Detection
Get the installed version of Apache Tomcat with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2013-4322, CVE-2013-4590
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
- Apache Tomcat Multiple Vulnerabilities - 03 Mar14
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
- Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability