Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
A number of vulnerabilities have been identified in Tomcat 7.0.52:
Low: Information Disclosure CVE-2014-0119
In limited circumstances it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs) and tag plugin configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or have visibility of the XML files processed for other web applications deployed on the same Tomcat instance.
Important: Denial of Service CVE-2014-0075
It was possible to craft a malformed chunk size as part of a chucked request that enabled an unlimited amount of data to be streamed to the server, bypassing the various size limits enforced on a request. This enabled a denial of service attack.
Important: Information disclosure CVE-2014-0096
The default servlet allows web applications to define (at multiple levels) an XSLT to be used to format a directory listing. When running under a security manager, the processing of these was not subject to the same constraints as the web application. This enabled a malicious web application to bypass the file access constraints imposed by the security manager via the use of external XML entities.
Important: Information disclosure CVE-2014-0099
The code used to parse the request content length header did not check for overflow in the result. This exposed a request smuggling vulnerability when Tomcat was located behind a reverse proxy that correctly processed the content length header.
See http://tomcat.apache.org/security-7.html#Apache_Tomcat_7.x_vulnerabilities for links to more detailed descriptions.
Attachments
Issue Links
- relates to
-
JRASERVER-38636 Upgrade JIRA to the latest minor Tomcat (7.0.54+) to fix security vulnerabilites
- Closed