Lucene search

GitHub Advisory DatabaseGHSA-XJGH-84HX-56C5

HistoryMay 14, 2022 - 1:07 a.m.

Unrestricted Upload of File with Dangerous Type Apache Tomcat

2022-05-1401:07:15

CWE-434

GitHub Advisory Database

github.com

221

apache tomcat

unrestricted upload

jsp file

security vulnerability.

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

100.0%

JSON

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Affected configurations

Vulners

Node

org.apache.tomcattomcatRange8.0.0RC1–8.0.46

org.apache.tomcattomcatRange7.0.0–7.0.81

org.apache.tomcattomcatRange8.5.0–8.5.22

org.apache.tomcattomcatRange9.0.0.M1–9.0.0M27

VendorProductVersionCPE
org.apache.tomcattomcat*cpe:2.3:a:org.apache.tomcat:tomcat:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.tomcat	tomcat	*	cpe:2.3:a:org.apache.tomcat:tomcat::::::::

References

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.securityfocus.com/bid/100954

www.securitytracker.com/id/1039552

access.redhat.com/errata/RHSA-2017:3080

access.redhat.com/errata/RHSA-2017:3081

access.redhat.com/errata/RHSA-2017:3113

access.redhat.com/errata/RHSA-2017:3114

access.redhat.com/errata/RHSA-2018:0268

access.redhat.com/errata/RHSA-2018:0269

access.redhat.com/errata/RHSA-2018:0270

access.redhat.com/errata/RHSA-2018:0271

access.redhat.com/errata/RHSA-2018:0275

access.redhat.com/errata/RHSA-2018:0465

access.redhat.com/errata/RHSA-2018:0466

access.redhat.com/errata/RHSA-2018:2939

github.com/advisories/GHSA-xjgh-84hx-56c5

github.com/apache/tomcat/commit/24aea94807f940ee44aa550378dc903289039ddd

github.com/apache/tomcat/commit/31e99502e2c602449a2f8835bd23ade772b77333

github.com/apache/tomcat/commit/327e8a6644e188764325a013aa2725a60f1b37e5

github.com/apache/tomcat/commit/46dfedbc0523d7182be97f4244d7b6c942164485

github.com/apache/tomcat/commit/4cf7dab88282c8f3c92f0b961cdb0096e1d63e88

github.com/apache/tomcat/commit/506d862e7edfa991de198e0f2e4c4540830fa531

github.com/apache/tomcat/commit/512a3c3aecdb52de092c6bacddd71b85c4feda06

github.com/apache/tomcat/commit/74ad0e216c791454a318c1811300469eedc5c6f3

github.com/apache/tomcat/commit/a9dd96046d7acb0357c6b7b9e6cc70d186fae663

github.com/apache/tomcat/commit/b577f9a7996b92b650b1649af3c3bae11c120db9

github.com/apache/tomcat/commit/b7e0435d17aba69f16ae9e8a78ad0f1565b552af

github.com/apache/tomcat/commit/bbcbb749c75056a2781f37038d63e646fe972104

github.com/apache/tomcat/commit/c177e9668d1278710bdb14c0eb8d2702b3655f5a

github.com/apache/tomcat/commit/cf0b37beb0622abdf24acc7110daf883f3fe4f95

github.com/apache/tomcat/commit/d5b170705d24c386d76038e5989045c89795c28c

github.com/apache/tomcat/commit/e650cf1b83e441dbd3863f3f6b61c972cafce19e

github.com/apache/tomcat/commit/f1b85da754c4760787d68a99e839b50878140b57

github.com/apache/tomcat/commit/fd52f8601170b91f9d7162510e54563e5bf6bdfe

lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E

lists.debian.org/debian-lts-announce/2017/11/msg00009.html

nvd.nist.gov/vuln/detail/CVE-2017-12617

security.netapp.com/advisory/ntap-20171018-0002

security.netapp.com/advisory/ntap-20180117-0002

support.f5.com/csp/article/K53173544

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

usn.ubuntu.com/3665-1

web.archive.org/web/20171110171954/www.securityfocus.com/bid/100954

web.archive.org/web/20201209024734/www.securitytracker.com/id/1039552

www.exploit-db.com/exploits/42966

www.exploit-db.com/exploits/43008

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

100.0%

JSON

Unrestricted Upload of File with Dangerous Type Apache Tomcat

Affected configurations

References

Related