Description

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Remediation

References

http://marc.info/?l=bugtraq&m=132215163318824&w=2

http://marc.info/?l=bugtraq&m=132215163318824&w=2

http://marc.info/?l=bugtraq&m=133469267822771&w=2

http://marc.info/?l=bugtraq&m=133469267822771&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://secunia.com/advisories/45748

http://secunia.com/advisories/48308

http://secunia.com/advisories/49094

http://secunia.com/advisories/57126

http://securityreason.com/securityalert/8362

http://www.debian.org/security/2012/dsa-2401

http://www.mandriva.com/security/advisories?name=MDVSA-2011:156

http://www.securityfocus.com/archive/1/519466/100/0/threaded

http://www.securityfocus.com/bid/49353

http://www.securitytracker.com/id?1025993

https://exchange.xforce.ibmcloud.com/vulnerabilities/69472

https://issues.apache.org/bugzilla/show_bug.cgi?id=51698

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465

Related Vulnerabilities

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk14

CVE-2014-3612 Vulnerability in maven package org.apache.activemq:activemq-broker

CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2023-48240 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2017-0783 Vulnerability in maven package org.apache.openmeetings:openmeetings-web

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory Exploit