| VID |
22662 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is earlier than Tomcat 6.0.43 and, therefore, may be affected by the following vulnerabilities :
- An error exists in the function 'ssl3_read_bytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled.
- A buffer overflow error exists related to invalid DTLS fragment handling that can lead to the execution of arbitrary code. Note that this issue only affects OpenSSL when used as a DTLS client or server.
- An error exists in the function 'do_ssl3_write' that can allow a NULL pointer to be dereferenced leading to denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled.
- An error exists related to DTLS handshake handling that can lead to denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.
- An unspecified error exists in how ChangeCipherSpec messages are processed that can allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.
- An unspecified error exists related to anonymous ECDH cipher suites that can allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients.
- A memory double-free error exists in 'd1_both.c' related to handling DTLS packets that allows denial of service attacks.
- An unspecified error exists in 'd1_both.c' related to handling DTLS handshake messages that allows denial of service attacks due to large amounts of memory being consumed.
- A memory leak error exists in 'd1_both.c' related to handling specially crafted DTLS packets that allows denial of service attacks.
- An error exists in the 'OBJ_obj2txt' function when various 'X509_name_*' pretty printing functions are used, which leak process stack data, resulting in an information disclosure.
- An error exists related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session.
- A NULL pointer dereference error exists related to handling anonymous ECDH cipher suites and crafted handshake messages that allows denial of service attacks against clients.
- An error exists related to handling fragmented 'ClientHello' messages that allows a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client.
- Buffer overflow errors exist in 'srp_lib.c' related to handling Secure Remote Password protocol (SRP) parameters, which can allow a denial of service or have other unspecified impact.
- An memory leak error exists in 'd1_srtp.c' related to the DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks.
- An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. Man-in-the-middle attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue.
- An memory leak error exists in 't1_lib.c' related to session ticket handling that can allow denial of service attacks.
- An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages.
- A NULL pointer dereference error exists in 't1_lib.c', related to handling Secure Remote Password protocol (SRP) ServerHello messages, which allows a malicious server to crash a client, resulting in a denial of service.
* Note: This check solely relied on the version number of the remote Web server to ass |
| Recommendation |
Upgrade to the latest version of Apache Tomcat Server (6.0.43 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/ |
| Related URL |
CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566 (CVE) |
| Related URL |
69075,69076,69077,69078,69079,69081,69082,69083,69084,70574 (SecurityFocus) |
| Related URL |
(ISS) |
|
