Two security vulnerabilities have been found in the Apache Tomcat software package. Apache Tomcat is a web application server for the Java Servlet and JavaServer Pages technologies. The first flaw results from inadequate validation of input data in the HTML Manager interface and allows an attacker to bypass the configured restrictions and carry out XSS attacks. The second is caused by an error in the handling of the "ServletContext" attribute and allows an attacker unauthorized access to the system. Users are advised to upgrade to the fixed versions.

Apache Tomcat Cross Site Scripting and Permission Bypass Vulnerabilities

VUPEN ID: VUPEN/ADV-2011-0292
CVE ID: CVE-2010-3718, CVE-2011-0013
CWE ID: Available in VUPEN VNS Customer Area
CVSS V2: Available in VUPEN VNS Customer Area
Rated as: Moderate Risk
Impact: Available in VUPEN VNS Customer Area
Authentication Level: Available in VUPEN VNS Customer Area
Access Vector: Available in VUPEN VNS Customer Area
Release Date: 2011-02-07

Technical Description

Two vulnerabilities have been identified in Apache Tomcat, which could be exploited to bypass restrictions or gain knowledge of sensitive information.

The first issue is caused by an input validation error in the HTML Manager interface when displaying web application data, which could allow cross-site scripting attacks.

The second vulnerability is caused by the read-only setting not being enforced when web applications run under a SecurityManager, which could allow a malicious web application to gain unauthorized read and write access to a vulnerable system.

Affected Products

Apache Tomcat versions 7.x
Apache Tomcat versions 6.x
Apache Tomcat versions 5.x

Solution 

Upgrade to Apache Tomcat version 7.0.6 or later, 6.0.30 or later, or 5.5.32:
http://archive.apache.org/dist/tomcat
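The following is an added example, not part of this advisory or of the Tomcat project: a small Python triage script that checks "Apache Tomcat/x.y.z" version strings (the banner format and the constructed inventory lines are assumptions) against the fixed releases listed above, so an inventory can be sorted into patched and unpatched hosts.

```python
# Added example, not from the advisory or the Tomcat project: triage
# "Apache Tomcat/x.y.z" version strings (assumed to come from an inventory
# export or version.sh output) against the fixed releases named above.
import re

# First fixed release per affected branch, from the Solution section.
FIXED_BY_BRANCH = {5: (5, 5, 32), 6: (6, 0, 30), 7: (7, 0, 6)}
VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """(major, minor, patch) from the first 'Apache Tomcat/x.y.z' in text,
    or None when no Tomcat version string is present."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def is_vulnerable(version):
    """True if version is in an affected branch and predates its fix, False if
    at or above the fix, None if the branch (e.g. 8.x) is outside this advisory."""
    fixed = FIXED_BY_BRANCH.get(version[0])
    if fixed is None:
        return None
    # Tuple comparison is numeric per component, so 7.0.10 > 7.0.6;
    # comparing the raw strings would rank 7.0.10 below 7.0.6.
    return version < fixed

def triage(banners):
    """Map each banner to 'vulnerable', 'fixed', 'out-of-scope' or 'no-version'."""
    result = {}
    for banner in banners:
        version = parse_version(banner)
        if version is None:
            result[banner] = "no-version"
            continue
        state = is_vulnerable(version)
        result[banner] = ("out-of-scope" if state is None
                          else "vulnerable" if state else "fixed")
    return result

# Constructed sample inventory lines (not real hosts).
SAMPLE_BANNERS = [
    "host-a: Apache Tomcat/6.0.29",   # 6.x below 6.0.30 -> vulnerable
    "host-b: Apache Tomcat/7.0.10",   # above 7.0.6 -> fixed
    "host-c: Apache Tomcat/5.5.32",   # exactly the fix -> fixed
    "host-d: Apache Tomcat/8.0.0",    # branch not covered -> out-of-scope
    "host-e: Apache-Coyote/1.1",      # default Server header, no version
]

if __name__ == "__main__":
    for banner, state in triage(SAMPLE_BANNERS).items():
        print(f"{state:13} {banner}")
```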

References

http://www.vupen.com/english/advisories/2011/0292
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html

Credits 

Vulnerabilities reported by the vendor.

Changelog 

2011-02-07 : Initial release
