Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2017-0244.html

http://rhn.redhat.com/errata/RHSA-2017-0245.html

http://rhn.redhat.com/errata/RHSA-2017-0246.html

http://rhn.redhat.com/errata/RHSA-2017-0247.html

http://rhn.redhat.com/errata/RHSA-2017-0250.html

http://rhn.redhat.com/errata/RHSA-2017-0457.html

http://rhn.redhat.com/errata/RHSA-2017-0527.html

http://www.debian.org/security/2016/dsa-3738

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/94461

http://www.securitytracker.com/id/1037332

https://access.redhat.com/errata/RHSA-2017:0455

https://access.redhat.com/errata/RHSA-2017:0456

https://access.redhat.com/errata/RHSA-2017:0935

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://security.netapp.com/advisory/ntap-20180607-0001/

https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48

https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13

https://usn.ubuntu.com/4557-1/

https://www.exploit-db.com/exploits/41783/

Related Vulnerabilities

CVE-2022-23307 Vulnerability in maven package org.apache.logging.log4j:log4j

CVE-2022-1365 Vulnerability in npm package cross-fetch

CVE-2014-3623 Vulnerability in maven package org.apache.wss4j:wss4j

CVE-2019-11819 Vulnerability in maven package org.opencms:org.opencms.workplace.tools.accounts

CVE-2017-1000048 Vulnerability in maven package org.webjars.npm:qs

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Tags

Third Party Advisory VDB Entry Release Notes Vendor Advisory