Apache Tomcat Multiple Vulnerabilities - 03 Mar14 Network Vulnerability

Summary

This host is running Apache Tomcat and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to conduct session fixation attacks and manipulate certain data. Impact Level: Application

Solution

Upgrade to version 6.0.39 or later, For Updates refer to http://tomcat.apache.org

Insight

Flaws are due to the org/apache/catalina/connector/CoyoteAdapter.java which does not consider the disableURLRewriting setting when handling a session ID in a URL.

Affected

Apache Tomcat version 6.0.33 through 6.0.37

Detection

Get the installed version of Apache Tomcat with the help of detect NVT and check the version is vulnerable or not.

References

http://packetstormsecurity.com/files/125392
http://seclists.org/bugtraq/2014/Feb/131
http://www.osvdb.com/103705

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0033

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
Apple Safari WebKit Information Disclosure Vulnerability (Windows)
APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
Apple Safari 'SRC' Remote Denial Of Service Vulnerability
Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)

Take action and discover your vulnerabilities