Description

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Remediation

References

http://www.securityfocus.com/bid/97530

https://security.gentoo.org/glsa/201705-09

http://www.securitytracker.com/id/1038220

http://www.debian.org/security/2017/dsa-3843

http://www.debian.org/security/2017/dsa-3842

https://access.redhat.com/errata/RHSA-2017:1809

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:1801

https://security.netapp.com/advisory/ntap-20180614-0001/

http://www.openwall.com/lists/oss-security/2020/07/20/8

https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2015-8851 Vulnerability in maven package org.webjars.npm:node-uuid

CVE-2019-10786 Vulnerability in npm package network-manager

CVE-2019-10794 Vulnerability in npm package component-flatten

CVE-2021-37136 Vulnerability in maven package io.netty:netty-codec

CVE-2020-11988 Vulnerability in maven package org.apache.xmlgraphics:xmlgraphics-commons

Severity

Critical

Classification

CWE-668 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory VDB Entry