VARIoT IoT vulnerabilities database

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. Trend Micro InterScan Messaging Security Suite provides a high-performance, policy-based gateway security filtering solution for enterprise IT network resources, built on the enterprise's SMTP outbound gateway. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. InterScan Messaging Security Virtual Appliance 8.5.1.1516 is vulnerable; other versions may also affected

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Multiple VMware products are prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on the guest operating system. The following products are affected: VMware Workstation 10.x prior to version 10.0.2 VMware Player 6.x prior to version 6.0.2 VMware Fusion 6.x prior to version 6.0.3 ESXi 5.5 without patch ESXi550-201403102-SG ESXi 5.1 without patch ESXi510-201404102-SG ESXi 5.0 without patch ESXi500-201405102-SG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2014-0005 Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation Issue date: 2014-05-29 Updated on: 2014-05-29 (initial advisory) CVE numbers: CVE-2014-3793 - ------------------------------------------------------------------------- 1. 2. Problem Description a. VMware would like to thank Tavis Ormandy from the Google Security Team for reporting this issue to us. This means that host memory can not be manipulated from the Guest Operating System. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3793 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. ** Workstation 9.x, Player 5.x and Fusion 5.x do not support Windows 8.1 Guest Operating Systems 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3793 - ------------------------------------------------------------------------- 6. Change Log 2014-05-29 VMSA-2014-0005 Initial security advisory in conjunction with the release of ESXi 5.0 patches on 2014-05-29 - ------------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8 wj8DBQFTiAIMDEcm8Vbi9kMRAgJiAKCI3namsqifeWwPKML6Gk2u+206PgCg2BFN Ik+PbexzXJiOjs0MAzONaw4= =nKGT -----END PGP SIGNATURE-----

Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Multiple F5 BIG-IP and Enterprise Manager products are prone to a multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). SCADA Data Gateway is prone to a remote denial-of-service vulnerability because the application fails to properly validate the user-supplied input. An attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users. Note: This issue affects the IP connected devices. Versions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. Triangle MicroWorks is a US-based company that uses single or third-party component products to communicate with peripherals/slave devices using various transport protocols (OPC Client, IEC 60870-6 (TASE.2/ICCP) Client, IEC 60870-5, DNP3, Modbus). An attacker can leverage this issue to consume resources resulting in denial-of-service condition; denying service to legitimate users. Note: To exploit this issue local access to the serial-based outstation is required. Versions prior to SCADA Data Gateway 3.00.0635 are vulnerable. Triangle MicroWorks SCADA Data Gateway (SDG) is a set of data acquisition and supervisory control system (SCADA) gateway products integrated in the server of Triangle MicroWorks in the United States

The directory specifier can include designators that can be used to traverse the directory path. Exploiting this vulnerability may enable an attacker to access a limited number of hardcoded file types. Further exploitation of this vulnerability may allow an attacker to cause the web server component to enter a denial-of-service condition. Cogent DataHub Contains a directory traversal vulnerability.A third party can read any file of any unspecified type via a crafted pathname, or Web Server service disruption (DoS) There is a possibility of being put into a state. Cogent DataHub is software for SCADA and automation. Cogent DataHub is prone to an unspecified directory-traversal vulnerability. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Cogent DataHub 7.3.5 is vulnerable; other versions may also be affected

Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cogent DataHub is software for SCADA and automation. Cogent DataHub has a reflective cross-site scripting vulnerability that allows an attacker to exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Cogent DataHub 7.3.5 is vulnerable; other versions may also be affected

Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. Cisco Wide Area Application Services is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCue47674. This software is mainly used in the link environment with small bandwidth and large delay. There is a security vulnerability in Cisco WAAS 5.3(.5a) and earlier versions. The vulnerability is caused by the program not correctly parsing the SharePoint response when using the SharePoint acceleration function

Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. SAP Supplier Relationship Management (SRM) is a suite of supplier relationship management solutions from SAP SAP. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. Apache Tomcat is prone to a remote denial-of-service vulnerability because it fails to properly bounds check user-supplied input. An attacker can exploit this issue to cause denial-of-service conditions; denying service to legitimate users. The following versions are vulnerable: Apache Tomcat 8.0.0-RC1 to 8.0.3 Apache Tomcat 7.0.0 to 7.0.52 Apache Tomcat 6.0.0 to 6.0.39. ============================================================================ Ubuntu Security Notice USN-2302-1 July 30, 2014 tomcat6, tomcat7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Tomcat. Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Details: David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. (CVE-2014-0075) It was discovered that Tomcat did not properly restrict XSLT stylesheets. (CVE-2014-0096) It was discovered that Tomcat incorrectly handled certain Content-Length headers. (CVE-2014-0099) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.1 Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.5 Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.16 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:052 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : tomcat Date : March 3, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated tomcat packages fix security vulnerabilities: Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request&#039;s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286). java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS NzlDtJatpPDeZdZ4nlO1fgg= =NWBY -----END PGP SIGNATURE----- . Description: Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE) CVE-2014-3490 RESTEasy: XXE via parameter entities CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state Red Hat would like to thank James Roper of Typesafe for reporting CVE-2014-0193, Alexander Papadakis for reporting CVE-2014-3530, and Rune Steinseth of JProfessionals for reporting CVE-2014-8122. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Data Virtualization installation (including its databases, applications, configuration files, and so on). Note that it is recommended to halt the Red Hat JBoss Data Virtualization server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the Red Hat JBoss Data Virtualization server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/): 1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file 1065139 - CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1092783 - CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application 1105242 - CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE) 1107901 - CVE-2014-3490 RESTEasy: XXE via parameter entities 1109196 - CVE-2014-0227 Tomcat/JBossWeb: request smuggling andl imited DoS in ChunkedInputFilter 1112987 - CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage 1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix 1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix 1157304 - CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods 1165328 - CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider 1169237 - CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04483248 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04483248 Version: 1 HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-10-20 Last Updated: 2014-10-20 Potential Security Impact: Remote Denial of Service (DoS), man-in-the-middle (MitM) attack, HTTP request smuggling, modification of data; local modification of data Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. References: CVE-2013-4248 - PHP: man-in-the-middle (MitM) attack CVE-2013-4286 - Tomcat: remote HTTP request smuggling CVE-2013-6438 - Tomcat: remote Denial of Service (DoS) CVE-2014-0075 - Tomcat: remote Denial of Service (DoS) CVE-2014-0098 - Tomcat: remote Denial of Service (DoS) CVE-2014-0099 - Tomcat: remote HTTP request smuggling CVE-2014-3981 - PHP: local modification of data SSRT101681 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 running HP-UX Apache Web Server Suite v3.29 or earlier HP-UX B.11.23 running Tomcat v5.5.36.01 or earlier HP-UX B.11.23 running PHP v5.2.17.03 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-4248 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-6438 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0098 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3981 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com NOTE: HP-UX Web Server Suite v3.30 HPUXWSATW330 contains Apache v2.2.15.21, Tomcat Servlet Engine 5.5.36.02, and PHP 5.2.17.04 HP-UX 11i Release Apache Depot name B.11.23 (11i v2 32-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-32.depot B.11.23 (11i v2 64-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-64.depot MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.30 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.15.21 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 20 October 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description: Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2014:0865-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0865.html Issue date: 2014-07-09 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 ===================================================================== 1. Summary: Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1095602 - tomcat6 security patch tomcat6-6.0.24-CVE-2013-4322 typo results in application crash with EOFException 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-6.0.24-72.el6_5.noarch.rpm tomcat6-el-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-72.el6_5.noarch.rpm tomcat6-lib-6.0.24-72.el6_5.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-72.el6_5.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: tomcat6-6.0.24-72.el6_5.src.rpm noarch: tomcat6-admin-webapps-6.0.24-72.el6_5.noarch.rpm tomcat6-docs-webapp-6.0.24-72.el6_5.noarch.rpm tomcat6-javadoc-6.0.24-72.el6_5.noarch.rpm tomcat6-webapps-6.0.24-72.el6_5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://access.redhat.com/security/updates/classification/#moderate https://tomcat.apache.org/security-6.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTvXwnXlSAg2UNWIIRAlETAJ9h/t6cImOQb/wTXhxFFhcuNAuXXwCgrS7D OIiDqTphtomRGnnfl7/JS9g= =AWBW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. This issue is tracked by Cisco Bug IDs CSCun46045 and CSCun46116. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. Cisco Unified Communications Domain Manager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. This issue is tracked by Cisco Bug ID CSCum77005. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. Vendors have confirmed this vulnerability Bug ID CSCum76930 It is released as.By a remotely authenticated user Location Administrator Authorized and crafted URL , You may get important number translation information. Cisco Unified Communications Domain Manager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve sensitive information like Admin number translation. Information harvested may aid in launching further attacks. This issue is tracked by Cisco Bug ID CSCum76930. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. Vendors have confirmed this vulnerability Bug ID CSCun79731 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlSkillfully crafted by a third party URL Any user through Web You may be redirected to a site and run a phishing attack. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. Vendors have confirmed this vulnerability Bug ID CSCun39631 and CSCun39643 It is released as.Skillfully crafted by a third party URL Account names may be enumerated via. Cisco Unified Communications Domain Manager is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. This issue being tracked by Cisco Bug IDs CSCun39631 and CSCun39643. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. A remote attacker could use a specially crafted URL to exploit this vulnerability to enumerate user accounts

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Apache Tomcat is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. The following versions are vulnerable: Apache Tomcat 8.0.0-RC1 to 8.0.3 Apache Tomcat 7.0.0 to 7.0.52 Apache Tomcat 6.0.0 to 6.0.39. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Data Grid 6.3.0 update Advisory ID: RHSA-2014:0895-01 Product: Red Hat JBoss Data Grid Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0895.html Issue date: 2014-07-16 CVE Names: CVE-2014-0058 CVE-2014-0059 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 ===================================================================== 1. Summary: Red Hat JBoss Data Grid 6.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for Red Hat JBoss Data Grid 6.2.1. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0 Release Notes. The Release Notes will be available shortly from https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/ This update also fixes the following security issues: It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that JBoss Web did not check for overflowing values when parsing request content length headers. (CVE-2014-0099) It was found that the security audit functionality, provided by Red Hat JBoss Data Grid, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials. Refer to the Solution section of this advisory for additional information on the fix for this issue. (CVE-2014-0058) It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. (CVE-2014-0059) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. (CVE-2014-0119) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All users of Red Hat JBoss Data Grid 6.2.1 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.3.0. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Data Grid installation. The provided patch to fix CVE-2014-0058 also allows greater control over which of the following components of web requests are captured in audit logs: - - parameters - - cookies - - headers - - attributes It is also possible to selectively mask some elements of headers, parameters, cookies, and attributes using masks. This capability is provided by two system properties, which are introduced by this patch: 1) org.jboss.security.web.audit Description: This property controls the granularity of the security auditing of web requests. Possible values: off = Disables auditing of web requests headers = Audits only the headers of web requests cookies = Audits only the cookies of web requests parameters = Audits only the parameters of web requests attributes = Audits only the attributes of web requests headers,cookies,parameters = Audits the headers, cookies, and parameters of web requests headers,cookies = Audits the headers and cookies of web requests Default Value: headers, parameters Examples: Setting "org.jboss.security.web.audit=off" disables security auditing of web requests entirely. Setting "org.jboss.security.web.audit=headers" enables security auditing of only headers in web requests. 2) org.jboss.security.web.audit.mask Description: This property can be used to specify a list of strings to be matched against headers, parameters, cookies, and attributes of web requests. Any element matching the specified masks will be excluded from security audit logging. Possible values: Any comma separated string indicating keys of headers, parameters, cookies, and attributes. Default Value: j_password, authorization Note that currently the matching of the masks is fuzzy rather than strict. For example, a mask of "authorization" will mask both the header called authorization and the parameter called "custom_authorization". A future release may introduce strict masks. 4. Bugs fixed (https://bugzilla.redhat.com/): 1063641 - CVE-2014-0058 Red Hat JBoss EAP6: Plain text password logging during security audit 1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application 5. References: https://www.redhat.com/security/data/cve/CVE-2014-0058.html https://www.redhat.com/security/data/cve/CVE-2014-0059.html https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://www.redhat.com/security/data/cve/CVE-2014-0119.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTxsOWXlSAg2UNWIIRAnvFAJ9oo6SpbAMA5fFfcl87bkcnKma7jQCeOY3U BKYtD4zlGceUuD+E3C1i3vE= =swqj -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:052 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : tomcat Date : March 3, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated tomcat packages fix security vulnerabilities: Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request&#039;s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286). Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322). java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227). The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS NzlDtJatpPDeZdZ4nlO1fgg= =NWBY -----END PGP SIGNATURE----- . JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. This update also fixes the following bug: The tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a dependency of Red Hat JBoss Web Server 2.0.1, included a build of commons-dbcp.jar that used an incorrect java package name, causing applications using this dependency to not function properly. With this update, the java package name has been corrected. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. Description: Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Apache Tomcat is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. The following versions are vulnerable: Apache Tomcat 8.0.0-RC1 to 8.0.3 Apache Tomcat 7.0.0 to 7.0.52 Apache Tomcat 6.0.0 to 6.0.39. Solution: The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:053 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : tomcat6 Date : March 3, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated tomcat6 packages fix security vulnerabilities: Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075). In Apache Tomcat 6.x before 6.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227 http://advisories.mageia.org/MGASA-2014-0268.html http://advisories.mageia.org/MGASA-2015-0081.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 1e8a7ceba7befde2cc00e4692edbb2c4 mbs1/x86_64/tomcat6-6.0.43-1.mbs1.noarch.rpm 06f517754e9d043a05a465bfbc9511d9 mbs1/x86_64/tomcat6-admin-webapps-6.0.43-1.mbs1.noarch.rpm 12662943e4b7474eaeb884414c1542a3 mbs1/x86_64/tomcat6-docs-webapp-6.0.43-1.mbs1.noarch.rpm 0e93126df244648f82045ef4380d4680 mbs1/x86_64/tomcat6-el-2.1-api-6.0.43-1.mbs1.noarch.rpm f9856715fa849af74d5a4a6893111572 mbs1/x86_64/tomcat6-javadoc-6.0.43-1.mbs1.noarch.rpm df7e1851bec9805d843197db0f8fda41 mbs1/x86_64/tomcat6-jsp-2.1-api-6.0.43-1.mbs1.noarch.rpm ed5b6f2cd6884b92613997b6dfd77cb7 mbs1/x86_64/tomcat6-lib-6.0.43-1.mbs1.noarch.rpm a273b8f736fd13fb066a6d7052eea925 mbs1/x86_64/tomcat6-servlet-2.5-api-6.0.43-1.mbs1.noarch.rpm 127d1d1ecf7b6be75ac9f306f66f08fd mbs1/x86_64/tomcat6-systemv-6.0.43-1.mbs1.noarch.rpm 955d38f8c9dade3438dd254fe1778075 mbs1/x86_64/tomcat6-webapps-6.0.43-1.mbs1.noarch.rpm 816110f95d3ee2f6347c9c057695d6d0 mbs1/SRPMS/tomcat6-6.0.43-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFU9XyKmqjQ0CJFipgRAvukAKCI1DXuj5eJr1SVaNIoXhz9PUilpQCg0l4c 77X/s+2Ee3FYUp9lZWBmLRg= =pm31 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update Advisory ID: RHSA-2014:0843-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0843.html Issue date: 2014-07-07 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 ===================================================================== 1. Summary: Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server - noarch Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. (CVE-2014-0119) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All users of Red Hat JBoss Enterprise Application Platform 6.2.4 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application 6. Package List: Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server: Source: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el5.src.rpm noarch: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el5.noarch.rpm Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server: Source: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el6.src.rpm noarch: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://www.redhat.com/security/data/cve/CVE-2014-0119.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTurZGXlSAg2UNWIIRAjQuAJ9G3FrmmxQq8xNK5ngLTL/E35dXQgCdFTvu rNpjwHEU4w/Fa4I/WyPuVh0= =tXq5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2302-1 July 30, 2014 tomcat6, tomcat7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Tomcat. Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Details: David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. (CVE-2014-0075) It was discovered that Tomcat did not properly restrict XSLT stylesheets. (CVE-2014-0096) It was discovered that Tomcat incorrectly handled certain Content-Length headers. (CVE-2014-0099) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.1 Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.5 Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.16 In general, a standard system update will make all the necessary changes. Description: Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56 Description =========== Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Tomcat 6.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41" All Tomcat 7.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56" References ========== [ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-29.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. Apache Tomcat is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. The following versions are vulnerable: Apache Tomcat 8.0.0-RC1 to 8.0.3 Apache Tomcat 7.0.0 to 7.0.53 Apache Tomcat 6.0.0 to 6.0.39. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update Advisory ID: RHSA-2014:0843-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0843.html Issue date: 2014-07-07 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 ===================================================================== 1. Summary: Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server - noarch Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. (CVE-2014-0119) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All users of Red Hat JBoss Enterprise Application Platform 6.2.4 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application 6. Package List: Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server: Source: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el5.src.rpm noarch: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el5.noarch.rpm Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server: Source: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el6.src.rpm noarch: jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://www.redhat.com/security/data/cve/CVE-2014-0119.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTurZGXlSAg2UNWIIRAjQuAJ9G3FrmmxQq8xNK5ngLTL/E35dXQgCdFTvu rNpjwHEU4w/Fa4I/WyPuVh0= =tXq5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2654-1 June 25, 2015 tomcat7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Tomcat. Software Description: - tomcat7: Servlet and JSP engine Details: It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0227) It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0230) It was discovered that the Tomcat Expression Language (EL) implementation incorrectly handled accessible interfaces implemented by inaccessible classes. An attacker could possibly use this issue to bypass a SecurityManager protection mechanism. (CVE-2014-7810) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libtomcat7-java 7.0.56-2ubuntu0.1 Ubuntu 14.10: libtomcat7-java 7.0.55-1ubuntu0.2 Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.3 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:052 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : tomcat Date : March 3, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated tomcat packages fix security vulnerabilities: Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request&#039;s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286). Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322). In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227 http://advisories.mageia.org/MGASA-2014-0148.html http://advisories.mageia.org/MGASA-2014-0268.html http://advisories.mageia.org/MGASA-2015-0081.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: dce2bd5077a8e201da2a52717f3ef3a4 mbs1/x86_64/tomcat-7.0.59-1.mbs1.noarch.rpm 7908cc5facecb5c65c976cdff41b1d7c mbs1/x86_64/tomcat-admin-webapps-7.0.59-1.mbs1.noarch.rpm 21d8b843398fa256f05b1ad8464b6787 mbs1/x86_64/tomcat-docs-webapp-7.0.59-1.mbs1.noarch.rpm 27218eccc1ba454ef1cafea51976475a mbs1/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs1.noarch.rpm cc0f94bb899c3a82ecb1daa0cccd40b9 mbs1/x86_64/tomcat-javadoc-7.0.59-1.mbs1.noarch.rpm 60c451802ce55df14445d2a560f544f8 mbs1/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs1.noarch.rpm d7598284719161790f2617b715dbe444 mbs1/x86_64/tomcat-jsvc-7.0.59-1.mbs1.noarch.rpm 90279c92333646b38010bcf54f488e4a mbs1/x86_64/tomcat-lib-7.0.59-1.mbs1.noarch.rpm e8b29b53c91bee0b3ffdd224c6b00038 mbs1/x86_64/tomcat-log4j-7.0.59-1.mbs1.noarch.rpm a648279678ad5c804e8f7f9145ec794c mbs1/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs1.noarch.rpm f0cb2c5e57edc0c4f7cda66d393165fb mbs1/x86_64/tomcat-webapps-7.0.59-1.mbs1.noarch.rpm cdaa6216b605cc23635cdeb4f77d32f9 mbs1/SRPMS/tomcat-7.0.59-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS NzlDtJatpPDeZdZ4nlO1fgg= =NWBY -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04851013 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04851013 Version: 1 HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-10-15 Last Updated: 2015-10-15 Potential Security Impact: Remote multiple vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP OpenVMS CSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts. References: CVE-2013-4286 CVE-2013-4322 CVE-2013-4444 CVE-2013-4590 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0230 CVE-2014-0277 SSRT101975 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenVMS CSWS_JAVA v7.0.29 Tomcat BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-4322 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-4444 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2013-4590 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0096 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-0119 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0230 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2014-0277 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software update to resolve the vulnerabilities in HP OpenVMS CSWS_Java. "Cumulative security patch for vulnerabilities addressed on CSWS_JAVA v7.0.29" http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac he/csws_java.html HISTORY Version:1 (rev.1) - 15 October 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. For the oldstable distribution (wheezy), these problems have been fixed in version 6.0.45+dfsg-1~deb7u1. Mitigation: Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 8.0.8 or later (8.0.6 and 8.0.7 contain the fix but were not released) - Upgrade to Apache Tomcat 7.0.54 or later - Upgrade to Apache Tomcat 6.0.41 or later (6.0.40 contains the fix but was not released) Credit: This issue was identified by the Tomcat security team. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56 Description =========== Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Tomcat 6.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41" All Tomcat 7.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56" References ========== [ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-29.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5