VID |
22759 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
According to its self-reported version number, the Apache Tomcat service running on the remote host is version 8.0.x prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the parsing of the HTTP request line, which accepts certain invalid characters. An unauthenticated, remote attacker can exploit this, in combination with an intermediate proxy that accepts the same characters but interprets them differently, to inject additional headers into responses and conduct HTTP response splitting attacks. (CVE-2016-6816)
- A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. (CVE-2016-6817) Note that the 8.0 branch ships no HTTP/2 connector; this issue affects the 8.5 and 9.0 branches, which have their own fix releases, so it does not apply to an 8.0.x host.
- A remote code execution vulnerability exists in the JMX listener (JmxRemoteLifecycleListener.java) because the RMI endpoints it exposes accept untrusted serialized Java objects. An unauthenticated, remote attacker who can reach those RMI ports can exploit this to execute arbitrary code. (CVE-2016-8735) This listener is not enabled by default; it is only present when explicitly configured in server.xml.
* Note: This check relies solely on the version number reported by the remote web server to assess this vulnerability, so the result may be a false positive (for example, a backported fix, or a host on which the JMX listener is not configured).
* References: https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39
* Platforms Affected: Apache Tomcat 8.0.x versions prior to 8.0.39, on any operating system and version |
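Because the plugin decides purely on the self-reported version, a practitioner triaging this finding wants two things: a version comparison that does not confuse 8.0.x with the separately-fixed 8.5.x branch, and a look at server.xml to see whether the JMX remote listener behind CVE-2016-8735 is configured at all. The script below is an added example, not part of the original advisory or of the scanner; the error page and server.xml fragment it parses are constructed samples (the RMI port numbers are hypothetical), and the only product facts it encodes are the 8.0.39 fix release named above and the listener class and attribute names used in Tomcat's server.xml.

```python
import re
from xml.etree import ElementTree as ET

# Constructed sample input (not captured from a real host): the stock Tomcat
# error page, which carries the version string in <title> and <h3>.
SAMPLE_ERROR_PAGE = (
    "<html><head><title>Apache Tomcat/8.0.36 - Error report</title></head>"
    "<body><h1>HTTP Status 404 - /nosuchpath</h1><hr class=\"line\">"
    "<h3>Apache Tomcat/8.0.36</h3></body></html>"
)

# Constructed server.xml fragment with the JMX remote listener enabled.
# The port numbers are hypothetical.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
            rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"/>
  <Service name="Catalina"/>
</Server>
"""

JMX_LISTENER = "org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
FIXED_8_0 = (8, 0, 39)   # first 8.0.x release carrying the fixes
VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")


def parse_tomcat_version(text):
    """Return (major, minor, patch) from a banner or error page, or None.

    Tomcat's default error pages embed 'Apache Tomcat/x.y.z'; anything else
    is not a self-reported Tomcat version and must not be guessed at.
    """
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """True only for the 8.0 branch below 8.0.39.

    Comparing tuples rather than strings avoids '8.0.9' > '8.0.39' mistakes,
    and pinning the branch avoids flagging 8.5.x/9.0.x, which have their own
    fix releases and are outside this check.
    """
    major, minor, _ = version
    return (major, minor) == (8, 0) and version < FIXED_8_0


def jmx_listener_ports(server_xml):
    """Return [(registry_port, server_port), ...] for each JmxRemoteLifecycleListener.

    CVE-2016-8735 only matters when this listener is actually configured, so
    this is the first thing to check before treating a version match as a finding.
    """
    root = ET.fromstring(server_xml)
    found = []
    for listener in root.iter("Listener"):
        if listener.get("className") != JMX_LISTENER:
            continue
        reg = listener.get("rmiRegistryPortPlatform")
        srv = listener.get("rmiServerPortPlatform")
        found.append((int(reg) if reg else None, int(srv) if srv else None))
    return found


def assess(error_page, server_xml=None):
    """Combine the version check with a config check to cut false positives."""
    version = parse_tomcat_version(error_page)
    result = {"version": version, "version_affected": False,
              "jmx_listener": [], "likely_cves": []}
    if version is None or not is_affected(version):
        return result
    result["version_affected"] = True
    # Request-line parsing lives in the core HTTP connector, so it applies
    # to every 8.0.x below 8.0.39 regardless of configuration.
    result["likely_cves"].append("CVE-2016-6816")
    if server_xml is not None:
        result["jmx_listener"] = jmx_listener_ports(server_xml)
        if result["jmx_listener"]:
            result["likely_cves"].append("CVE-2016-8735")
    # CVE-2016-6817 is in the HTTP/2 parser; the 8.0 branch has no HTTP/2
    # connector, so it is deliberately not added here.
    return result


if __name__ == "__main__":
    print(assess(SAMPLE_ERROR_PAGE, SAMPLE_SERVER_XML))
```

Run against a real host, feed `assess()` the body of a request for a path that does not exist (the stock 404 page) and, where you have filesystem access, the contents of conf/server.xml; a version match with an empty `jmx_listener` list leaves only the request-line issue as a likely finding.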
Recommendation |
Upgrade to Apache Tomcat 8.0.39 or later, available from the Apache Software Foundation download site, http://tomcat.apache.org/. If JmxRemoteLifecycleListener is configured in server.xml, restrict network access to its RMI registry and server ports to trusted hosts until the upgrade is complete. |
Related URL |
CVE-2016-6816,CVE-2016-6817,CVE-2016-8735 (CVE) |
Related URL |
94097,94461,94463 (SecurityFocus) |