Vulnerability 1
The version of Tomcat installed on the remote host is prior to 9.0.69. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.69_security-9 advisory.
- The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. (CVE-2022-45143)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution:
Upgrade to Apache Tomcat version 9.0.69 or later.
Plugin Output:
Path : /apps/tomcat/cronacle/j2ee/cluster/global/tomcat
Installed version : 9.0.54
Fixed version : 9.0.69
Vulnerability 2
The version of Tomcat installed on the remote host is prior to 9.0.71. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.71_security-9 advisory.
- Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
(CVE-2023-24998)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution:
Upgrade to Apache Tomcat version 9.0.71 or later.
Plugin Output:
Path : /apps/tomcat/cronacle/j2ee/cluster/global/tomcat
Installed version : 9.0.54
Fixed version : 9.0.71
Vulnerability 3
The version of Tomcat installed on the remote host is prior to 9.0.72. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.72_security-9 advisory.
- When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution:
Upgrade to Apache Tomcat version 9.0.72 or later.
Plugin Output:
Path : /apps/tomcat/cronacle/j2ee/cluster/global/tomcat
Installed version : 9.0.54
Fixed version : 9.0.72
Vulnerability 4 (We can go to 9.0.80 here, so we need the Runmyjobs packaged software for Tomcat 9.0.80)
The version of Tomcat installed on the remote host is prior to 9.0.81. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.81_security-9 advisory.
- Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. (CVE-2023-45648)
- Tomcat's HTTP/2 implementation was vulnerable to the rapid reset attack. The denial of service typically manifested as an OutOfMemoryError. (CVE-2023-44487)
- Tomcat's internal fork of a Commons FileUpload included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. (CVE-2023-42794)
- When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. (CVE-2023-42795)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution:
Upgrade to Apache Tomcat version 9.0.81 or later.
Plugin Output:
Path : /apps/tomcat/cronacle/j2ee/cluster/global/tomcat
Installed version : 9.0.54
Fixed version : 9.0.81
Solution:
The Tomcat dependency has been upgraded to 9.0.82 in all supported versions of RMJ, i.e. 9.2.8.13, 9.2.9.2, 9.2.10.2, 9.2.11.3, 2023.2.1.0. These versions were not yet available at the time of the last review.
Version 2023.3.0.0 had been released at the time of the last review.
Internal Reference:
https://redwoodsoftware.atlassian.net/browse/ENV-2585
Last updated: 11 Jan 2024
Comments
Is there any prognosis when the latest versions will be available?