Security Bulletin
Summary
Security vulnerabilities have been discovered in third-party components used by IBM SDN VE, including Apache ActiveMQ, Apache Commons FileUpload, Apache HttpComponents HttpClient, the Spring Framework, and Apache Tomcat.
Vulnerability Details
CVEID: CVE-2011-4905
DESCRIPTION: Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
CVSS Base Score: 5.0
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2013-0248
DESCRIPTION: The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
CVSS Base Score: 3.3
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVEID: CVE-2014-0050
DESCRIPTION: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CVSS Base Score: 5.0
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-3577
DESCRIPTION: org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
CVSS Base Score: 5.8
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
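The defect in CVE-2014-3577 is that the verifier extracted the Common Name from the string form of the subject's distinguished name by looking for "CN=" inside comma-separated tokens, so an escaped comma inside another attribute (such as O) could smuggle in a second "CN=". The following added example (not code from HttpClient or from IBM) contrasts that token-based extraction with an RDN-aware parse that honours RFC 4514 backslash escapes; the DN strings, the hostname, and the function names are constructed for illustration. A real client should prefer the subjectAltName dNSName entries and use the platform's X.509 API rather than parsing DN strings at all, but the example isolates the CN-parsing mistake the description names.

```python
import re

# Constructed subject DN: the attacker's real CN is attacker.example, while the
# O attribute carries an escaped comma followed by a fake "CN=www.apache.org".
ATTACKER_SUBJECT_DN = r"CN=attacker.example,O=foo\,CN=www.apache.org,C=US"

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def naive_cns(dn):
    """Flawed extraction: split on every comma and take whatever follows 'CN='.

    This ignores RFC 4514 escaping, so a '\\,' inside the O value is treated as
    an RDN boundary and the text after it is accepted as a Common Name.
    """
    cns = []
    for token in dn.split(","):
        idx = token.find("CN=")
        if idx >= 0:
            cns.append(token[idx + 3:].strip())
    return cns


def _split_unescaped(text, separators):
    """Split on separator characters that are not preceded by a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch in separators:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def _unescape_value(value):
    """Resolve RFC 4514 escapes: '\\XX' hex pairs and '\\c' literal characters."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            if _HEX_PAIR.fullmatch(value[i + 1:i + 3]):
                out.append(int(value[i + 1:i + 3], 16))
                i += 3
            else:
                out.extend(value[i + 1].encode("utf-8"))
                i += 2
        else:
            out.extend(value[i].encode("utf-8"))
            i += 1
    return out.decode("utf-8")


def structured_cns(dn):
    """Hardened extraction: only values whose attribute type is exactly CN."""
    cns = []
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):  # '+' separates multi-valued RDNs
            attr_type, sep, value = ava.partition("=")
            if sep and attr_type.strip().upper() == "CN":
                cns.append(_unescape_value(value.strip()))
    return cns


def hostname_matches(hostname, cns):
    """Exact, case-insensitive match of the requested host against the CN list."""
    wanted = hostname.lower().rstrip(".")
    return any(wanted == cn.lower().rstrip(".") for cn in cns)


if __name__ == "__main__":
    host = "www.apache.org"
    print("naive accepts:", hostname_matches(host, naive_cns(ATTACKER_SUBJECT_DN)))
    print("structured accepts:", hostname_matches(host, structured_cns(ATTACKER_SUBJECT_DN)))
```

Running the block shows the naive extractor returning both attacker.example and www.apache.org, so the spoofed certificate passes for www.apache.org, while the RDN-aware parser returns only attacker.example and the check fails.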
CVEID: CVE-2014-0054
DESCRIPTION: The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVSS Base Score: 6.8
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-7315
DESCRIPTION: The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.
NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVSS Base Score: 6.8
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-6429
DESCRIPTION: The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVSS Base Score: 6.8
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-1904
DESCRIPTION: Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVSS Base Score: 4.3
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2014-0099
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing Content-Length headers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93369 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
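The CVE-2014-0099 description turns on a digit-by-digit length parser that never checks whether the accumulating value still fits its integer type. The following added example (not Tomcat's code and not from IBM) models that in Python: one parser wraps silently at 64 bits the way Java's long arithmetic would, the other refuses any value that would overflow. Header values and function names are constructed for the demonstration; the wraparound helper is an assumption about the parser's width, not a description of Tomcat internals.

```python
JAVA_LONG_MAX = (1 << 63) - 1


def to_java_long(n):
    """Reduce an unbounded Python int to a signed 64-bit value, as Java's
    long arithmetic would after silently overflowing."""
    n &= (1 << 64) - 1
    return n - (1 << 64) if n > JAVA_LONG_MAX else n


def _digits_or_raise(value):
    if not value or not value.isdigit():
        raise ValueError("Content-Length must be a non-empty run of ASCII digits")
    return [ord(ch) - ord("0") for ch in value]


def parse_content_length_unchecked(value):
    """The defect class: accumulate result = result * 10 + digit with no bound,
    so a header that exceeds 2^63 - 1 wraps to a small (or negative) length."""
    result = 0
    for digit in _digits_or_raise(value):
        result = to_java_long(result * 10 + digit)
    return result


def parse_content_length_checked(value):
    """Hardened parse: before each step, verify result * 10 + digit <= MAX,
    rearranged to avoid overflow in the check itself."""
    result = 0
    for digit in _digits_or_raise(value):
        if result > (JAVA_LONG_MAX - digit) // 10:
            raise ValueError("Content-Length does not fit in a signed 64-bit integer")
        result = result * 10 + digit
    return result


def is_valid_content_length(value):
    """True when the hardened parser accepts the header value."""
    try:
        parse_content_length_checked(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed header values: 2^64 and 2^63 as decimal strings.
    for hdr in ("18446744073709551616", "9223372036854775808", "1024"):
        print(hdr, "unchecked ->", parse_content_length_unchecked(hdr),
              "| accepted by checked parser:", is_valid_content_length(hdr))
```

A value of 2^64 parses to 0 and a value of 2^63 parses to -2^63 in the unchecked version, so the server's idea of where the request body ends no longer matches the peer's; the checked version rejects both and accepts anything up to 9223372036854775807.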
CVEID: CVE-2014-0119
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially crafted web application to obtain sensitive information.
CVSS Base Score: 5.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93368 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM SDN VE, Unified Controller, VMware Edition: 1.2.1 and earlier
IBM SDN VE, Unified Controller, KVM Edition: 1.2.1 and earlier
IBM SDN VE, Unified Controller, OpenFlow Edition: 1.2.1 and earlier
IBM SDN VE, Dove Management Console, VMware Edition: 1.0.0
Remediation/Fixes
IBM recommends updating affected IBM SDN VE, Unified Controllers to the latest versions of IBM SDN VE for which IBM is providing a fix, which are identified below:
IBM SDN VE, Unified Controller, VMware Edition: version 1.2.2 or later
IBM SDN VE, Unified Controller, KVM Edition: version 1.2.2 or later
IBM SDN VE, Unified Controller, OpenFlow Edition: version 1.2.2 or later
These versions are available via Passport Advantage.
Workarounds and Mitigations
None known
References
Acknowledgement
None
Change History
26 November 2014: Original Copy Published
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date:
17 June 2018
UID
isg3T1021850