CERT-In Advisory CIAD-2007-44
Multiple Vulnerabilities in Apache Tomcat

Original issue date: August 22, 2007

Severity Rating: High

Systems Affected

  • Apache Tomcat 6.0.0 to 6.0.13
  • Apache Tomcat 5.5.0 to 5.5.24
  • Apache Tomcat 5.0.0 to 5.0.30
  • Apache Tomcat 4.1.0 to 4.1.36
  • Apache Tomcat 3.3 to 3.3.2

Overview

Multiple vulnerabilities have been reported in Apache Tomcat which could be exploited by a remote attacker to conduct session hijacking attacks and to steal sensitive and confidential information from an affected system.

Description

1. Apache Tomcat Cookie Information Disclosure Vulnerability (CVE-2007-3382)

A vulnerability has been reported in Apache Tomcat due to the way it handles a single quote character (') in a cookie value: Tomcat incorrectly treats the single quote as a delimiter, so the text that follows it, which may include other cookies, is taken to be part of the preceding cookie's value. This may cause sensitive information such as session IDs to be leaked and allow a remote attacker to conduct session hijacking attacks.

2. Apache Tomcat Improper Handling of \" in Cookie Values (CVE-2007-3385)

A vulnerability has been reported in Apache Tomcat due to improper handling of the \" character sequence in a cookie value. A remote attacker could exploit the vulnerability to obtain sensitive and confidential information or to conduct session hijacking attacks.

3. Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability (CVE-2007-3386)

A cross-site scripting (XSS) vulnerability has been identified in the Host Manager Servlet of Apache Tomcat, which does not filter user-supplied data before displaying it. A remote attacker could exploit the vulnerability to inject arbitrary web script or HTML via specially crafted requests; the injected content executes in the browser of a user of the Host Manager application and could be used to steal sensitive and confidential information from that user.
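The following is an added illustration for items 1 and 2 above; it is not Apache Tomcat's parser and is not taken from this advisory. It models, in a few dozen lines, the behaviour described for CVE-2007-3382 (a single quote opening a quoted value that swallows everything after it, including a JSESSIONID cookie sent in the same header) beside a corrected parser that recognises only double-quoted values and honours backslash-escaped quotes, the area item 2 (CVE-2007-3385) concerns. The Cookie headers, the cookie name "prefs" and the scenario of an application that echoes that cookie's value into its response are constructed assumptions for the example.

```python
"""Simplified model of the cookie-header parsing defects (items 1 and 2).
Added illustration only; NOT Apache Tomcat's code.  Parsers, cookie names
and sample headers below are constructed for the example."""

from typing import Dict


def _parse(header: str, quote_chars: str, honour_escapes: bool) -> Dict[str, str]:
    """Minimal Cookie-header parser.  quote_chars lists the characters that
    open a quoted value; honour_escapes controls whether a backslash inside
    a quoted value escapes the following character (RFC 2109 quoted-pair)."""
    cookies: Dict[str, str] = {}
    i, n = 0, len(header)
    while i < n:
        while i < n and header[i] in " ;":          # skip separators
            i += 1
        if i >= n:
            break
        start = i
        while i < n and header[i] not in "=;":      # cookie name
            i += 1
        name = header[start:i].strip()
        value = ""
        if i < n and header[i] == "=":
            i += 1
            if i < n and header[i] in quote_chars:  # quoted value
                quote = header[i]
                i += 1
                buf = []
                while i < n and header[i] != quote:
                    if honour_escapes and header[i] == "\\" and i + 1 < n:
                        i += 1                      # \x stands for x
                    buf.append(header[i])
                    i += 1
                value = "".join(buf)
                i += 1                              # closing quote (if any)
                while i < n and header[i] != ";":   # drop junk before ';'
                    i += 1
            else:                                   # bare value up to ';'
                start = i
                while i < n and header[i] != ";":
                    i += 1
                value = header[start:i].strip()
        if name:
            cookies[name] = value
    return cookies


def parse_cookies_flawed(header: str) -> Dict[str, str]:
    """Model of the reported defect: ' is treated like " as a value delimiter."""
    return _parse(header, "\"'", honour_escapes=False)


def parse_cookies_fixed(header: str) -> Dict[str, str]:
    """Only " opens a quoted value; \\" inside it is an escaped quote; ' is data."""
    return _parse(header, '"', honour_escapes=True)


# Constructed Cookie header: 'prefs' is a cookie whose value the attacker is
# assumed to influence and that the application echoes into a page;
# JSESSIONID is the victim's session cookie sent by the browser alongside it.
CRAFTED_HEADER = "prefs='tracked; JSESSIONID=0123456789ABCDEF0123456789ABCDEF"

# Constructed header with an escaped double quote inside a quoted value.
ESCAPED_HEADER = 'note="say \\"hi\\""; JSESSIONID=0123456789ABCDEF0123456789ABCDEF'


def session_id_leaks_via(cookie_name: str, header: str, parser) -> bool:
    """True if echoing cookie_name's parsed value would disclose JSESSIONID."""
    value = parser(header).get(cookie_name, "")
    return "JSESSIONID=" in value


if __name__ == "__main__":
    for label, parser in (("flawed", parse_cookies_flawed), ("fixed", parse_cookies_fixed)):
        print(label, parser(CRAFTED_HEADER))
        print(label, "leaks session via prefs:",
              session_id_leaks_via("prefs", CRAFTED_HEADER, parser))
        print(label, parser(ESCAPED_HEADER))
```

With the flawed parser the "prefs" value carries the whole session ID and no JSESSIONID cookie is recognised at all, so any page that reflects "prefs" discloses the session; the fixed parser keeps the quote as ordinary data and recovers JSESSIONID separately. The escaped-quote header shows the second difference: the flawed parser truncates the value at the backslash, the fixed one yields say "hi".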

Solution

Update to Apache Tomcat version 6.0.14, the fixed release available at the time of this advisory. Users of the other affected branches should consult the vendor's security page for the fixed release of their branch:
http://tomcat.apache.org/security.html
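To decide whether an installation falls inside the Systems Affected ranges above, the reported version can be read from Tomcat's bundled version reporter and compared against those ranges. The script below is an added example, not CERT-In or Apache code; it assumes the output format of `java -cp catalina.jar org.apache.catalina.util.ServerInfo`, which prints a line of the form `Server version: Apache Tomcat/6.0.13`. The sample output embedded in it is constructed.

```python
"""Check a Tomcat version against the affected ranges in this advisory.
Added example, not CERT-In or Apache code.  Assumes the 'Server version:'
line printed by org.apache.catalina.util.ServerInfo."""

import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges, copied from the Systems Affected list above.
# Versions are normalised to three components (3.3 becomes 3.3.0).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((6, 0, 0), (6, 0, 13)),
    ((5, 5, 0), (5, 5, 24)),
    ((5, 0, 0), (5, 0, 30)),
    ((4, 1, 0), (4, 1, 36)),
    ((3, 3, 0), (3, 3, 2)),
]


def normalise(parts: Tuple[int, ...]) -> Version:
    """Pad or trim a version tuple to exactly three integer components."""
    padded = tuple(parts) + (0, 0, 0)
    return (padded[0], padded[1], padded[2])


def parse_server_info(output: str) -> Optional[Version]:
    """Extract the Tomcat version from ServerInfo output; None if absent."""
    m = re.search(r"Server version:\s*Apache Tomcat/(\d+(?:\.\d+)*)", output)
    if not m:
        return None
    return normalise(tuple(int(p) for p in m.group(1).split(".")))


def is_affected(version: Tuple[int, ...]) -> bool:
    """True if the version lies inside any affected range (inclusive)."""
    v = normalise(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


# Constructed sample of ServerInfo output for an unpatched 6.0.x server.
SAMPLE_OUTPUT = """Server version: Apache Tomcat/6.0.13
Server built:   Jul 30 2007 11:49:43
Server number:  6.0.13.0
OS Name:        Linux
"""

if __name__ == "__main__":
    v = parse_server_info(SAMPLE_OUTPUT)
    print("version:", v, "affected:", is_affected(v) if v else "unknown")
```

Run the reporter on the host (for Tomcat 6 the jar is under `$CATALINA_HOME/lib`, for 5.5 under `$CATALINA_HOME/server/lib`) and feed its output to `parse_server_info`; a version outside every range is not covered by this advisory, not necessarily free of later issues.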


Vendor Information

Apache Tomcat
http://tomcat.apache.org/security.html

References

US-CERT
http://www.kb.cert.org/vuls/id/993544

Security Focus
http://www.securityfocus.com/bid/25314

X-Force
http://xforce.iss.net/xforce/xfdb/36001

Secunia
http://secunia.com/advisories/26466/


CVE Names
CVE-2007-3382
CVE-2007-3385
CVE-2007-3386

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003