SB2019080617 - Red Hat update for tomcat

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019080617

SB2019080617 - Red Hat update for tomcat

Published: August 6, 2019

Security Bulletin ID SB2019080617
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2018-1304)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to the URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled when used as part of a security constraint definition. A remote attacker can supply a specially crafted URL, bypass security restrictions and gain unauthorised access to web application resources.

2) Integer overflow (CVE-ID: CVE-2018-13053)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in kernel/time/alarmtimer.c within the alarm_timer_nsleep function. A local user can trigger integer overflow due to ktime_add_safe is not used and escalate privileges on the system.


3) Cross-site scripting (CVE-ID: CVE-2018-13055)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the "view_filters_page.php" page. A remote attacker can inject arbitrary code (if CSP settings permit it) through a crafted "PATH_INFO".

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


4) Security restrictions bypass (CVE-ID: CVE-2018-1305)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to security constraints defined by annotations of Servlets are only applied once a Servlet had been loaded. A remote attacker can supply a specially crafted URL pattern and any URLs below that point, bypass security restrictions and gain unauthorised access to arbitrary resources.

5) Information disclosure (CVE-ID: CVE-2018-8014)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the defaults settings for the CORS filter are insecure and enable supportsCredentials for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. A remote attacker can access important data.


6) Security restrictions bypass (CVE-ID: CVE-2018-8034)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to host name verification when using TLS with the WebSocket client was missing. A remote unauthenticated attacker can bypass security restrictions when using TLS.


Remediation

Install update from vendor's website.

References