Description

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Remediation

References

http://svn.apache.org/viewvc?view=revision&revision=1145571

https://bugzilla.redhat.com/show_bug.cgi?id=720948

http://svn.apache.org/viewvc?view=revision&revision=1146005

http://www.securityfocus.com/bid/48667

http://svn.apache.org/viewvc?view=revision&revision=1145383

http://svn.apache.org/viewvc?view=revision&revision=1145694

http://secunia.com/advisories/45232

http://osvdb.org/73797

http://osvdb.org/73798

http://www.securitytracker.com/id?1025788

http://www.mandriva.com/security/advisories?name=MDVSA-2011:156

http://www.debian.org/security/2012/dsa-2401

http://marc.info/?l=bugtraq&m=132215163318824&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-5.html

http://rhn.redhat.com/errata/RHSA-2012-0078.html

http://rhn.redhat.com/errata/RHSA-2012-0074.html

http://rhn.redhat.com/errata/RHSA-2012-0075.html

http://rhn.redhat.com/errata/RHSA-2012-0076.html

http://rhn.redhat.com/errata/RHSA-2012-0325.html

http://rhn.redhat.com/errata/RHSA-2012-0077.html

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://secunia.com/advisories/57126

http://marc.info/?l=bugtraq&m=133469267822771&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/68541

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573

http://secunia.com/advisories/48308

http://www.securityfocus.com/archive/1/518889/100/0/threaded

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2021-23342 Vulnerability in maven package org.webjars.npm:docsify

CVE-2019-16335 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-0841 Vulnerability in npm package npm-lockfile

CVE-2023-26920 Vulnerability in maven package org.webjars.npm:fast-xml-parser

CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-broker

Severity

Critical

Classification

CWE-20

Tags

Patch