
V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

November 6, 2012 - 6:00am


PROBLEM:

Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

PLATFORM:

Apache Tomcat 5.x
Apache Tomcat 6.x
Apache Tomcat 7.x

ABSTRACT:

Two vulnerabilities were reported in Apache Tomcat.

REFERENCE LINKS:

Apache.org
Apache Tomcat Denial of Service
Apache Tomcat DIGEST authentication weaknesses
Secunia Advisory SA51138
CVE-2012-2733
CVE-2012-3439

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

1) The "parseHeaders()" function (InternalNioInputBuffer.java) does not properly verify the permitted size when parsing request headers, which can be exploited to trigger an OutOfMemoryError exception via specially crafted headers.

This vulnerability is reported in versions 6.0.0-6.0.35 and 7.0.0-7.0.27.

2) The DIGEST authentication mechanism does not properly check server nonces.

This weakness is reported in versions 5.5.0-5.5.35, 6.0.0-6.0.35, and 7.0.0-7.0.29.
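As an added illustration (not code from the advisory or from Tomcat itself), the checks a DIGEST server must apply to its own nonces to close the replay window described in item 2: the nonce must be verifiably server-issued, unexpired, and accompanied by a nonce-count higher than any already accepted for it. SERVER_KEY, NonceTracker and the nonce layout are constructed for this example.

```python
import hashlib
import hmac
import os
import time

# Constructed for this example: a per-process secret used to authenticate nonces,
# and the lifetime after which a nonce is refused regardless of its history.
SERVER_KEY = os.urandom(32)
NONCE_LIFETIME = 300  # seconds

def issue_nonce(now=None):
    """Build a self-authenticating nonce of the form '<timestamp>:<hmac>'."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"

class NonceTracker:
    """Server-side state needed to reject a replayed Authorization header."""

    def __init__(self, lifetime=NONCE_LIFETIME):
        self.lifetime = lifetime
        self.seen = {}  # nonce -> highest nonce-count (nc) accepted so far

    def check(self, nonce, nc_hex, now=None):
        """Return True only if the nonce is ours, unexpired, and nc is fresh."""
        now = now if now is not None else time.time()
        try:
            ts, mac = nonce.split(":", 1)
            issued = int(ts)
            nc = int(nc_hex, 16)  # Digest sends nc as 8 hex digits
        except ValueError:
            return False  # malformed nonce or nc: not something we issued
        expected = hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return False  # forged or foreign nonce: fails the server check
        if now - issued > self.lifetime:
            self.seen.pop(nonce, None)
            return False  # stale nonce: a captured header cannot be reused later
        if nc <= self.seen.get(nonce, 0):
            return False  # same or lower nc than already accepted: replay
        self.seen[nonce] = nc
        return True
```

A real implementation also has to bound the size of the tracking table (for example by evicting expired entries) so that the tracker itself cannot be used to exhaust memory.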

IMPACT:

A remote user can carry out replay attacks in some circumstances.

A remote user can cause denial of service conditions.

SOLUTION:

Update to version 5.5.36, 6.0.36, or 7.0.30.
