Vigil@nce: Apache Tomcat, several vulnerabilities
June 2009 by Vigil@nce
An attacker can exploit several vulnerabilities in Apache Tomcat in
order to cause a denial of service or to obtain information.
Severity: 2/4
Consequences: data reading, denial of service
Provenance: intranet client
Means of attack: 1 proof of concept and 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 4
Creation date: 04/06/2009
Revision date: 09/06/2009
IMPACTED PRODUCTS
– Apache Tomcat
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Apache Tomcat.
An attacker can use invalid headers in order to close the AJP
connection. [grav:2/4; BID-35193, CVE-2009-0033]
When form authentication (j_security_check) is used with
MemoryRealm, DataSourceRealm or JDBCRealm, an attacker can use an
invalid URL encoding for the password. He can then detect whether a
username is valid. [grav:2/4; BID-35196, CVE-2009-0580]
A web application can change the XML parser, and thus access
the web.xml/context.xml file of another application. [grav:1/4;
CVE-2009-0783]
The URL path is unnecessarily canonicalized in ApplicationHttpRequest.java.
For example, the URL "http://s/dir1/dir2?/../" is converted to
"http://s/dir1/". [grav:2/4; BID-35263, CVE-2008-5515]
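The canonicalization problem above, as an added Python illustration (not Tomcat's code; all function names are hypothetical and the sample targets are constructed): normalizing the whole request target lets ".." segments in the query string remove path segments, whereas splitting off the query first leaves the path intact. The last function is a check usable in a regression test for path-handling code.

```python
def normalize(path: str) -> str:
    """Collapse '.' and '..' segments of a '/'-separated string."""
    trailing = path.endswith("/")
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()          # '..' removes the previous segment
            continue
        out.append(seg)
    result = "/" + "/".join(out)
    if trailing and result != "/":
        result += "/"
    return result


def normalize_whole_target(target: str) -> str:
    """Flawed order: the query string is normalized as if it were path."""
    return normalize(target)


def normalize_path_only(target: str) -> str:
    """Corrected order: split at the first '?', normalize only the path."""
    path, sep, query = target.partition("?")
    return normalize(path) + sep + query


def query_alters_path(target: str) -> bool:
    """True when the flawed order yields a different result than the corrected one."""
    return normalize_whole_target(target) != normalize_path_only(target)


if __name__ == "__main__":
    # Constructed sample targets; the first is the bulletin's example.
    for t in ("/dir1/dir2?/../", "/dir1/dir2?x=1", "/a/./b/../c?q=/../"):
        print(f"{t!r}: whole={normalize_whole_target(t)!r} "
              f"path-only={normalize_path_only(t)!r} "
              f"differs={query_alters_path(t)}")
```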
CHARACTERISTICS
Identifiers: BID-35193, BID-35196, BID-35263, CVE-2008-5515,
CVE-2009-0033, CVE-2009-0580, CVE-2009-0783, VIGILANCE-VUL-8762
http://vigilance.fr/vulnerability/Apache-Tomcat-several-vulnerabilities-8762