Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Remediation

References

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39

https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73

https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48

http://www.securityfocus.com/bid/94461

http://www.securitytracker.com/id/1037332

https://www.exploit-db.com/exploits/41783/

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.debian.org/security/2016/dsa-3738

https://access.redhat.com/errata/RHSA-2017:0935

https://access.redhat.com/errata/RHSA-2017:0456

https://access.redhat.com/errata/RHSA-2017:0455

http://rhn.redhat.com/errata/RHSA-2017-0527.html

http://rhn.redhat.com/errata/RHSA-2017-0457.html

http://rhn.redhat.com/errata/RHSA-2017-0250.html

http://rhn.redhat.com/errata/RHSA-2017-0247.html

http://rhn.redhat.com/errata/RHSA-2017-0246.html

http://rhn.redhat.com/errata/RHSA-2017-0245.html

http://rhn.redhat.com/errata/RHSA-2017-0244.html

https://security.netapp.com/advisory/ntap-20180607-0001/

https://usn.ubuntu.com/4557-1/

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2022-43766 Vulnerability in maven package org.apache.iotdb:iotdb-server

CVE-2020-24591 Vulnerability in maven package org.wso2.carbon.analytics-common:org.wso2.carbon.event.receiver.core

CVE-2020-6461 Vulnerability in npm package electron

CVE-2023-29566 Vulnerability in npm package dawnsparks-node-tesseract

CVE-2022-24431 Vulnerability in npm package abacus-ext-cmdline

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Tags

Release Notes Vendor Advisory Third Party Advisory VDB Entry