Summary
This host is running Apache Tomcat and is
prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote
attackers to cause a denial of service (resource consumption), bypass security-manager restrictions and read arbitrary files, conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Impact Level: Application
Solution
Upgrade to version 6.0.40, 7.0.53,
8.0.4 or later. For updates refer to refer http://tomcat.apache.org
Insight
Multiple flaws are due to,
- An Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java - The java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in does not properly restrict XSLT stylesheets.
- Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in when operated behind a reverse proxy
Affected
Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0075, CVE-2014-0096, CVE-2014-0099 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apple Safari WebKit Information Disclosure Vulnerability (Windows)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
- Asterisk Missing ACL Check Remote Security Bypass Vulnerability
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)