VID 22751
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description According to its self-reported version number, the Apache Tomcat service running on the remote host is version 7.0.x prior to 7.0.72. It is, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability exists due to a failure to process passwords when paired with a non-existent username. An unauthenticated, remote attacker can exploit this, via a timing attack, to enumerate user account names. (CVE-2016-0762)

- A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager via a utility method that is accessible to web applications. (CVE-2016-5018)

- An information disclosure vulnerability exists in the SecurityManager component due to a failure to properly restrict access to system properties for the configuration files system property replacement feature. An attacker can exploit this, via a specially crafted web application, to bypass SecurityManager restrictions and disclose system properties. (CVE-2016-6794)

- A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager by changing the configuration parameters for a JSP servlet. (CVE-2016-6796)

- A security bypass vulnerability exists due to a failure to limit web application access to global JNDI resources. A local attacker can exploit this to gain unauthorized access to resources. (CVE-2016-6797)

* Note: This check relies solely on the version number reported by the remote web server to assess this vulnerability, so the result may be a false positive.
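The version-only logic this note describes, as an added example (not the scanner's own plugin code): it pulls the self-reported version out of a Tomcat error page or Server header and flags only the 7.0.x branch below 7.0.72; the banners are constructed samples, and the pattern and function names are assumptions.

```python
import re
from typing import Optional, Tuple

# Affected range from the advisory: Apache Tomcat 7.0.x prior to 7.0.72.
FIXED_PATCH = 72
AFFECTED_BRANCH = (7, 0)

# Tomcat prints "Apache Tomcat/<version>" in its default error pages; the
# default Server header ("Apache-Coyote/1.1") carries no version at all.
VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")

def parse_tomcat_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a banner, or None if the host
    does not self-report a version (then no version-based verdict is possible)."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]

def is_affected(version: Optional[Tuple[int, int, int]]) -> bool:
    """True only for 7.0.x with x < 72. Other branches (6.0.x, 8.0.x, 8.5.x)
    had their own fix releases and are out of scope for this check."""
    if version is None:
        return False
    major, minor, patch = version
    return (major, minor) == AFFECTED_BRANCH and patch < FIXED_PATCH

def assess(banner: str) -> dict:
    """Version-only verdict; a hit is a candidate finding, not proof of
    exploitability, since the fix may have been backported by a vendor."""
    version = parse_tomcat_version(banner)
    return {"version": version, "affected": is_affected(version)}

if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    samples = [
        "<h3>Apache Tomcat/7.0.70</h3>",          # affected
        "<h3>Apache Tomcat/7.0.72</h3>",          # fixed release
        "<h3>Apache Tomcat/8.5.4</h3>",           # other branch
        "Server: Apache-Coyote/1.1",              # no version disclosed
    ]
    for s in samples:
        print(s, "->", assess(s))
```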

* References:
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72

* Platforms Affected:
Apache Tomcat Server versions prior to 7.0.72
Any operating system, any version
Recommendation Upgrade to the latest version of Apache Tomcat Server (7.0.72 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/
Related URL CVE-2016-0762,CVE-2016-5018,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797 (CVE)
Related URL 93939,93940,93942,93943,93944 (SecurityFocus)