Advertisement






Apache Tomcat 9.0.0.M1 Security Manager Persistence Bypass

CVE Category Price Severity
CVE-2016-0714 CWE-269 Not specified High
Author Risk Exploitation Type Date
Roberto Soares Espreto High Local 2016-02-23
CPE
cpe:cpe:/a:apache:tomcat:9.0.0
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016020190

Below is a copy:

Apache Tomcat 9.0.0.M1 Security Manager Persistence BypassCVE-2016-0714 Apache Tomcat Security Manager Bypass

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- - Apache Tomcat 6.0.0 to 6.0.44
- - Apache Tomcat 7.0.0 to 7.0.67
- - Apache Tomcat 8.0.0.RC1 to 8.0.30
- - Apache Tomcat 9.0.0.M1
- - Earlier, unsupported Tomcat versions may be affected

Description:
Tomcat provides several session persistence mechanisms. The StandardManager persists session over a restart. The PersistentManager is able to persist sessions to files, a database or a custom Store. The Cluster implementation persists sessions to one or more additional nodes in the cluster. All of these mechanisms could be exploited to bypass a security manager. Session persistence is performed by Tomcat code with the permissions assigned to Tomcat internal code. By placing a carefully crafted object into a session, a malicious web application could trigger the execution of arbitrary code.

Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 9.0.0.M3 or later (9.0.0.M2 has the fix but was not released)
- - Upgrade to Apache Tomcat 8.0.32 or later (8.0.31 has the fix but was not released)
- - Upgrade to Apache Tomcat 7.0.68 or later
- - Upgrade to Apache Tomcat 6.0.45 or later

Credit:
This issue was discovered by The Apache Tomcat Security Team.

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html
[4] http://tomcat.apache.org/security-6.html


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.