Bugzilla – Bug 967964
VUL-0: CVE-2016-0714: tomcat6, tomcat: Security Manager bypass via persistence mechanisms
Last modified: 2018-08-23 16:08:04 UTC
http://seclists.org/bugtraq/2016/Feb/145 CVE-2016-0714 Apache Tomcat Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 6.0.0 to 6.0.44 - - Apache Tomcat 7.0.0 to 7.0.67 - - Apache Tomcat 8.0.0.RC1 to 8.0.30 - - Apache Tomcat 9.0.0.M1 - - Earlier, unsupported Tomcat versions may be affected Description: Tomcat provides several session persistence mechanisms. The StandardManager persists session over a restart. The PersistentManager is able to persist sessions to files, a database or a custom Store. The Cluster implementation persists sessions to one or more additional nodes in the cluster. All of these mechanisms could be exploited to bypass a security manager. Session persistence is performed by Tomcat code with the permissions assigned to Tomcat internal code. By placing a carefully crafted object into a session, a malicious web application could trigger the execution of arbitrary code. Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Tomcat 9.0.0.M3 or later (9.0.0.M2 has the fix but was not released) - - Upgrade to Apache Tomcat 8.0.32 or later (8.0.31 has the fix but was not released) - - Upgrade to Apache Tomcat 7.0.68 or later - - Upgrade to Apache Tomcat 6.0.45 or later Credit: This issue was discovered by The Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] http://tomcat.apache.org/security-6.html References: https://bugzilla.redhat.com/show_bug.cgi?id=1311082 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0714 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0714.html
bugbot adjusting priority
SUSE-SU-2016:0769-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 967812,967814,967815,967964,967965,967966,967967 CVE References: CVE-2015-5174,CVE-2015-5345,CVE-2015-5346,CVE-2015-5351,CVE-2016-0706,CVE-2016-0714,CVE-2016-0763 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): tomcat-8.0.32-3.1
SUSE-SU-2016:0822-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 967812,967814,967815,967964,967965,967966,967967 CVE References: CVE-2015-5174,CVE-2015-5345,CVE-2015-5346,CVE-2015-5351,CVE-2016-0706,CVE-2016-0714,CVE-2016-0763 Sources used: SUSE Linux Enterprise Server 12 (src): tomcat-7.0.68-7.6.1
SUSE-SU-2016:0839-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 934219,967815,967964,967965,967967 CVE References: CVE-2015-5174,CVE-2015-5345,CVE-2016-0706,CVE-2016-0714 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): tomcat6-6.0.45-0.50.1
openSUSE-SU-2016:0865-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 967812,967814,967815,967964,967965,967966,967967 CVE References: CVE-2015-5174,CVE-2015-5345,CVE-2015-5346,CVE-2015-5351,CVE-2016-0706,CVE-2016-0714,CVE-2016-0763 Sources used: openSUSE Leap 42.1 (src): tomcat-8.0.32-5.1
Tomcat was patched. This can be closed.
released