CVE-2005-2090
CVSS4.3
发布时间 :2005-07-05 00:00:00
修订时间 :2011-03-07 21:23:22
NMCOP    

[原文]Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."


[CNNVD]Apache Tomcat 多个安全漏洞(CNNVD-200507-004)

        Tomcat是一个Servlet容器,实现了对Servlet和JavaServer Page(JSP)的支持,并提供了作为Web服务器的一些特有功能。
        Tomcat5.0.19及4.1.24版本中存在多个安全漏洞。
        远程攻击者可利用漏洞破坏Web cache,绕过Web应用程序防火墙保护,还可以导致跨站脚本攻击。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:apache:coyote_http_connector:1.0Apache Software Foundation Coyote 1.0
cpe:/a:apache:tomcat:5.0.19Apache Software Foundation Tomcat 5.0.19
cpe:/a:apache:coyote_http_connector:1.1Apache Software Foundation Coyote 1.1
cpe:/a:apache:tomcat:4.1.24Apache Software Foundation Tomcat 4.1.24

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10499Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application fi...
oval:org.mitre.oval:def:22631ELSA-2007:0327: tomcat security update (Important)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2090
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-004
(官方数据源) CNNVD

- 其它链接及资源

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
(UNKNOWN)  MISC  http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://www.vupen.com/english/advisories/2009/0233
(UNKNOWN)  VUPEN  ADV-2009-0233
http://www.vupen.com/english/advisories/2008/1979/references
(UNKNOWN)  VUPEN  ADV-2008-1979
http://www.vupen.com/english/advisories/2008/0065
(UNKNOWN)  VUPEN  ADV-2008-0065
http://www.vupen.com/english/advisories/2007/3386
(UNKNOWN)  VUPEN  ADV-2007-3386
http://www.vupen.com/english/advisories/2007/3087
(UNKNOWN)  VUPEN  ADV-2007-3087
http://www.vupen.com/english/advisories/2007/2732
(UNKNOWN)  VUPEN  ADV-2007-2732
http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded
(UNKNOWN)  BUGTRAQ  20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded
(UNKNOWN)  BUGTRAQ  20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
http://www.securiteam.com/securityreviews/5GP0220G0U.html
(UNKNOWN)  MISC  http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
(UNKNOWN)  CONFIRM  http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://secunia.com/advisories/33668
(UNKNOWN)  SECUNIA  33668
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
(UNKNOWN)  BUGTRAQ  20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
(UNKNOWN)  HP  SSRT071447
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
(UNKNOWN)  CONFIRM  http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://www.securityfocus.com/bid/25159
(UNKNOWN)  BID  25159
http://www.securityfocus.com/bid/13873
(UNKNOWN)  BID  13873
http://www.securityfocus.com/archive/1/archive/1/485938/100/0/threaded
(UNKNOWN)  BUGTRAQ  20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
http://www.redhat.com/support/errata/RHSA-2008-0261.html
(UNKNOWN)  REDHAT  RHSA-2008:0261
http://www.redhat.com/support/errata/RHSA-2007-0360.html
(UNKNOWN)  REDHAT  RHSA-2007:0360
http://www.redhat.com/support/errata/RHSA-2007-0327.html
(UNKNOWN)  REDHAT  RHSA-2007:0327
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
(UNKNOWN)  CONFIRM  http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
http://tomcat.apache.org/security-6.html
(UNKNOWN)  CONFIRM  http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
(UNKNOWN)  CONFIRM  http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-4.html
(UNKNOWN)  CONFIRM  http://tomcat.apache.org/security-4.html
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
(UNKNOWN)  SUNALERT  239312
http://securitytracker.com/id?1014365
(UNKNOWN)  SECTRACK  1014365
http://secunia.com/advisories/30908
(UNKNOWN)  SECUNIA  30908
http://secunia.com/advisories/30899
(UNKNOWN)  SECUNIA  30899
http://secunia.com/advisories/29242
(UNKNOWN)  SECUNIA  29242
http://secunia.com/advisories/28365
(UNKNOWN)  SECUNIA  28365
http://secunia.com/advisories/27037
(UNKNOWN)  SECUNIA  27037
http://secunia.com/advisories/26660
(UNKNOWN)  SECUNIA  26660
http://secunia.com/advisories/26235
(UNKNOWN)  SECUNIA  26235
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
(UNKNOWN)  MLIST  [Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
(UNKNOWN)  SUSE  SUSE-SR:2008:005
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
(UNKNOWN)  APPLE  APPLE-SA-2007-07-31
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
(UNKNOWN)  HP  HPSBUX02262
http://docs.info.apple.com/article.html?artnum=306172
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=306172

- 漏洞信息

Apache Tomcat 多个安全漏洞
中危 输入验证
2005-07-05 00:00:00 2009-02-05 00:00:00
远程  
        Tomcat是一个Servlet容器,实现了对Servlet和JavaServer Page(JSP)的支持,并提供了作为Web服务器的一些特有功能。
        Tomcat5.0.19及4.1.24版本中存在多个安全漏洞。
        远程攻击者可利用漏洞破坏Web cache,绕过Web应用程序防火墙保护,还可以导致跨站脚本攻击。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://tomcat.apache.org/

- 漏洞信息 (F74289)

CA20090123-01.txt (PacketStormID:F74289)
2009-01-27 00:00:00
Ken Williams  www3.ca.com
advisory,arbitrary
CVE-2005-2090,CVE-2005-3510,CVE-2006-3835,CVE-2006-7195,CVE-2006-7196,CVE-2007-0450,CVE-2007-1355,CVE-2007-1358,CVE-2007-1858,CVE-2007-2449,CVE-2007-2450,CVE-2007-3382,CVE-2007-3385,CVE-2007-3386,CVE-2008-0128
[点击下载]

Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.

Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities


CA Advisory Reference: CA20090123-01


CA Advisory Date: 2009-01-23


Reported By: n/a


Impact: Refer to the CVE identifiers for details.


Summary: Multiple security risks exist in Apache Tomcat as 
included with CA Cohesion Application Configuration Manager. CA 
has issued an update to address the vulnerabilities. Refer to the 
References section for the full list of resolved issues by CVE 
identifier.


Mitigating Factors: None


Severity: CA has given these vulnerabilities a Medium risk rating.


Affected Products:
CA Cohesion Application Configuration Manager 4.5


Non-Affected Products
CA Cohesion Application Configuration Manager 4.5 SP1


Affected Platforms:
Windows


Status and Recommendation:
CA has issued the following update to address the vulnerabilities.

CA Cohesion Application Configuration Manager 4.5:

RO04648
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search
&searchID=RO04648


How to determine if you are affected:

1. Using Windows Explorer, locate the file "RELEASE-NOTES".
2. By default, the file is located in the 
   "C:\Program Files\CA\Cohesion\Server\server\" directory.
3. Open the file with a text editor.
4. If the version is less than 5.5.25, the installation is 
   vulnerable.


Workaround: None


References (URLs may wrap):
CA Support:
http://support.ca.com/
CA20090123-01: Security Notice for Cohesion Tomcat
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975
40
Solution Document Reference APARs:
RO04648
CA Security Response Blog posting:
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Reported By: 
n/a
CVE References:
CVE-2005-2090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
CVE-2005-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510
CVE-2006-3835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835
CVE-2006-7195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
CVE-2006-7196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196
CVE-2007-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
CVE-2007-1355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355
CVE-2007-1358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358
CVE-2007-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858
CVE-2007-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449
CVE-2007-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450
CVE-2007-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
CVE-2007-3385 *
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
CVE-2007-3386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386
CVE-2008-0128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128
*Note: the issue was not completely fixed by Tomcat maintainers.
OSVDB References: Pending
http://osvdb.org/


Changelog for this advisory:
v1.0 - Initial Release
v1.1 - Updated Impact, Summary, Affected Products


Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, 
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your 
findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777
82


Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team


CA, 1 CA Plaza, Islandia, NY 11749
	
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2009 CA. All rights reserved.
    

- 漏洞信息 (F62402)

VMware Security Advisory 2008-0002 (PacketStormID:F62402)
2008-01-08 00:00:00
VMware  vmware.com
advisory
CVE-2005-2090,CVE-2006-7195,CVE-2007-0450,CVE-2007-3004
[点击下载]

VMware Security Advisory - Updated Tomcat and JRE security updates have been issued for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0002
Synopsis:          Low severity security update for VirtualCenter
                   and ESX Server 3.0.2, and ESX 3.0.1
Issue date:        2008-01-07
Updated on:        2008-01-07
CVE numbers:       CVE-2005-2090 CVE-2006-7195
                   CVE-2007-0450 CVE-2007-3004
- -------------------------------------------------------------------

1. Summary:

   Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX
   Server 3.0.2, and ESX 3.0.1.

2. Relevant releases:

   VirtualCenter Management Server 2
   ESX Server 3.0.2 without patch ESX-1002434
   ESX Server 3.0.1 without patch ESX-1003176

3. Problem description:

   Updated VirtualCenter fixes the following application vulnerabilities

   Tomcat Server Security Update
   This release of VirtualCenter Server updates the Tomcat Server
   package from 5.5.17 to 5.5.25, which addresses multiple security
   issues that existed in the earlier releases of Tomcat Server.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to
   these issues.

   JRE Security Update
   This release of VirtualCenter Server updates the JRE package from
   1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in
   the earlier release of JRE.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2007-3004 to this issue.

   NOTE: These vulnerabilities can be exploited remotely only if the
         attacker has access to the service console network.

         Security best practices provided by VMware recommend that the
         service console be isolated from the VM network. Please see
         http://www.vmware.com/resources/techresources/726 for more
         information on VMware security best practices.

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

   VMware VirtualCenter 2.0.2 Update 2 Release Notes
   http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html

   VirtualCenter CD image
   md5sum d7d98a5d7f8afff32cee848f860d3ba7

   VirtualCenter as Zip
   md5sum 3b42ec350121659e10352ca2d76e212b

   ESX Server 3.0.2
   http://kb.vmware.com/kb/1002434
   md5sum: 2f52251f6ace3d50934344ef313539d5

   ESX Server 3.0.1
   http://kb.vmware.com/kb/1003176
   md5sum: 5674ca0dcfac90726014cc316444996e

5. References:

  CVE numbers
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004

- -------------------------------------------------------------------
6. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce@lists.vmware.com
  * bugtraq@securityfocus.com
  * full-disclosure@lists.grok.org.uk

E-mail:  security@vmware.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHgthVS2KysvBH1xkRCPmqAJ0Vinlb3RZQH9syPorjnNJYkB+V/gCeN8pQ
3AnswXxHMvJR9mEM/eIymPM=
=CXyQ
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F59939)

HP Security Bulletin 2007-14.47 (PacketStormID:F59939)
2007-10-10 00:00:00
Hewlett Packard  hp.com
advisory,arbitrary,vulnerability,xss
hpux
CVE-2005-2090,CVE-2006-5752,CVE-2007-0450,CVE-2007-0774,CVE-2007-1355,CVE-2007-1358,CVE-2007-1860,CVE-2007-1863,CVE-2007-1887,CVE-2007-1900,CVE-2007-2449,CVE-2007-2450,CVE-2007-2756,CVE-2007-2872,CVE-2007-3382,CVE-2007-3385,CVE-2007-3386
[点击下载]

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01178795
Version: 1

HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-10-02
Last Updated: 2007-10-02

Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.

References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running Apache

BACKGROUND
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. 

AFFECTED VERSIONS 

For IPv4: 
HP-UX B.11.11 
============= 
hpuxwsAPACHE 
action: install revision A.2.0.59.00 or subsequent 
restart Apache 
URL: https://www.hp.com/go/softwaredepot/ 

For IPv6: 
HP-UX B.11.11 
HP-UX B.11.23 
HP-UX B.11.31 
============= 
hpuxwsAPACHE,revision=B.1.0.00.01 
hpuxwsAPACHE,revision=B.1.0.07.01 
hpuxwsAPACHE,revision=B.1.0.08.01 
hpuxwsAPACHE,revision=B.1.0.09.01 
hpuxwsAPACHE,revision=B.1.0.10.01 
hpuxwsAPACHE,revision=B.2.0.48.00 
hpuxwsAPACHE,revision=B.2.0.49.00 
hpuxwsAPACHE,revision=B.2.0.50.00 
hpuxwsAPACHE,revision=B.2.0.51.00 
hpuxwsAPACHE,revision=B.2.0.52.00 
hpuxwsAPACHE,revision=B.2.0.53.00 
hpuxwsAPACHE,revision=B.2.0.54.00 
hpuxwsAPACHE,revision=B.2.0.55.00 
hpuxwsAPACHE,revision=B.2.0.56.00 
hpuxwsAPACHE,revision=B.2.0.58.00 
hpuxwsAPACHE,revision=B.2.0.58.01 

action: install revision B.2.0.59.00 or subsequent 
restart Apache 
URL: https://www.hp.com/go/softwaredepot/ 

END AFFECTED VERSIONS 


RESOLUTION
HP has made the following available to resolve the vulnerability. 
HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. 
The update is available on https://www.hp.com/go/softwaredepot/ 
Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. 

MANUAL ACTIONS: Yes - Update 
Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. 

PRODUCT SPECIFIC INFORMATION 
HP-UX Software Assistant: 
HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. 
For more information see: https://www.hp.com/go/swa 

HISTORY 
Revision: 1 (rev.1) - 02 October 2007 Initial release 

Third Party Security Patches: 
Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. 


Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com 
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. 
To get the security-alert PGP key, please send an e-mail message as follows:
  To: security-alert@hp.com 
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: 
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC 
On the web page: ITRC security bulletins and patch sign-up 
Under Step1: your ITRC security bulletins and patches 
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems 
  - verify your operating system selections are checked and save.


To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php 
Log in on the web page: Subscriber's choice for Business: sign-in. 
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.


To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do 


* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: 

GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault


System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.


"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    

- 漏洞信息 (F125394)

Apache Tomcat Information Disclosure (PacketStormID:F125394)
2014-02-25 00:00:00
Mark Thomas  tomcat.apache.org
advisory,info disclosure
CVE-2005-2090,CVE-2013-4286
[点击下载]

Apache Tomcat versions 8.0.0-RC1, 7.0.0 through 7.0.42, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability due to an incomplete fix for CVE-2005-2090.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- - Apache Tomcat 8.0.0-RC1
- - Apache Tomcat 7.0.0 to 7.0.42
- - Apache Tomcat 6.0.0 to 6.0.37

Description:
The fix for CVE-2005-2090 was not complete. It did not cover the
following cases:
- - content-length header with chunked encoding over any HTTP connector
- - multiple content-length headers over any AJP connector

Requests with multiple content-length headers or with a content-length
header when chunked encoding is being used should be rejected as
invalid. When multiple components (firewalls, caches, proxies and
Tomcat) process a sequence of requests where one or more requests
contain either multiple content-length headers or a content-length
header when chunked encoding is being used and several components do not
reject the request and make different decisions as to which
content-length header to use an attacker can poison a web-cache, perform
an XSS attack and obtain sensitive information from requests other then
their own. Tomcat now rejects requests with multiple content-length
headers or with a content-length header when chunked encoding is being
used.

Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 8.0.0-RC3 or later
  (8.0.0-RC2 contains the fix but was not released)
- - Upgrade to Apache Tomcat 7.0.47 or later
   (7.0.43 to 7.0.46 contain the fix but were not released)
- - Upgrade to Apache Tomcat 6.0.39 or later
   (6.0.38 contains the fix but was not released)

Credit:
This issue was identified by the Apache Tomcat security team while
investigating an invalid report related to CVE-2005-2090.

References:
[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTDHw/AAoJEBDAHFovYFnn8HgP/107ixjTiS7es6ka2fXl01Ag
A2GUdevvgKXrbgtY6nVS1Sx65GZcG1k5Knpn6Cwg31dtipnEJmuk4+ScVlA43Jjy
8UpQbI0zm0oCgIRV6lRuYGn1kz5p7cSEF+s36QOAMym3qKNJ3YZn+pALVLgmF+D8
k7Yqe3Fwih68sJm3GRStZ9zlt5s7NNfHzSfnIe4wSyleA8xyK98Xa/8tlr3p0usK
J7V5Dz1VSmi8TRpzXUVl8cWjQrD+tCZOWrrBgkWs2oj/TXiVZfiAA5Cv7p1F7HoJ
ElF7dny5PJIFdAK3TU5WAkXRQJk2yp0FNv0YRSJGx4OLsiv+IrIXpVR4K12Hmc0n
T4RzqyhfB7VGtxrLC/PpC6hoqd+LkuT6uJJA8lcfc+F51UWSHtOV5iW0h2kC6olu
s/SKsljDOzx5L2nMdFGqs49cV4uIC8CFC8yP84EJO1gyRqyABxw3LwzUZvdMJ1Sl
29QM3vpMc3EypKXEZWe28Wbr7cZLK2oJt7pSF1DoPF/8DStYYhqztooKCyXAhjum
6Juf3C+w3HvaoR2YyIu5ZhbcGqkt0GHL+ZfvyPVcIFv+TeSYejmus0zdvQGWmnep
Fgsdlbz2dUg7ncvmj7LYwCv4U6yj2oYUgMaVrocNVB8bSg0qMnfByg0tc4h8XzDv
kNN3kqRWjmDaE37ZHywC
=YF3X
-----END PGP SIGNATURE-----
    

- 漏洞信息

43452
Apache Tomcat HTTP Request Smuggling
Remote / Network Access Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

- 时间线

2005-06-06 Unknow
2005-06-06 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站