Security Bulletin
Summary
IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of Apache Tomcat libraries (CVE-2005-3164, CVE-2005-4836, CVE-2005-4838, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128, CVE-2007-5333, CVE-2008-1232, CVE-2008-2370, CVE-2008-4308, CVE-2009-0781, CVE-2008-5519, CVE-2009-0033, CVE-2009-0580, CVE-2009-0783, CVE-2008-5515, CVE-2009-3548, CVE-2009-2696, CVE-2012-5568, CVE-2013-6357, CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2013-4444, CVE-2020-8022)
Vulnerability Details
CVEID: CVE-2005-3164
DESCRIPTION: The Hitachi Cosminexus Application Server could disclose sensitive information. A remote attacker could send a specially-crafted HTTP post request without a body to obtain the body data from the previous HTTP request. A remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/22506 for the current score.
CVSS Vector:
CVEID: CVE-2005-4836
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to reject NULL bytes in a URL by the HTTP/1.1 connector. If allowLinking="true" is configured for the contexts, an attacker could exploit this vulnerability to read JSP files and obtain sensitive information.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40736 for the current score.
CVSS Vector:
CVEID: CVE-2005-4838
DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting. A remote authenticated attacker could embed malicious script in a URL request to the Tomcat Manager, which would be executed in the victim's Web browser within the security context of the hosting site, `once the link is clicked.
CVSS Base score: 3.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/18790 for the current score.
CVSS Vector:
CVEID: CVE-2007-2449
DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the JSP example Web application. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/34869 for the current score.
CVSS Vector:
CVEID: CVE-2007-5461
DESCRIPTION: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14,under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
CVSS Base score: 3.5
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVEID: CVE-2008-0128
DESCRIPTION: Apache Tomcat could allow a remote attacker from within the local network to obtain sensitive information. When the SingleSignOn valve is set up to work over HTTPS, the JSESSIONIDSSO cookie is transmitted over insecure channels. By sending an HTTP request, an attacker could exploit this vulnerability to obtain the cookie and other sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/39804 for the current score.
CVSS Vector: (AV:A/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2007-5333
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused improper handling of quotes and %5C character sequences within cookie values. An attacker could exploit this vulnerability to obtain cookie information, including the session ID.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40403 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2008-1232
DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HttpServletResponse.sendError() function. A remote attacker could exploit this vulnerability using the "Reason-Phrase" of an HTTP response to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/44155 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2008-2370
DESCRIPTION: Apache Tomcat could allow a remote attacker to traverse directories on the system, caused by the normalization of the target path prior to removing the query string from the URI when using a RequestDispatcher. An attacker could send a specially-crafted request containing "dot dot" sequences (/../) in the request parameter to read arbitrary files on the system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/44156 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2008-4308
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper processing of POST data by the doRead method. A remote attacker could exploit this vulnerability to obtain the stored information of previous POST requests.
Note: This vulnerability also affects multiple Fujitsu INTERSTAGE products.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/48934 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2009-0781
DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jsp/cal/cal2.jsp script in the calendar application within the examples Web application. A remote attacker could exploit this vulnerability using the time parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/49213 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2008-5519
DESCRIPTION: The mod_jk module for Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when handing certain HTTP requests. By sending multiple HTTP POST requests containing a specially-crafted Content-Length header, an attacker could exploit this vulnerability to obtain response data intended for the victim.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/49725 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2009-0033
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of header files by the Java AJP connector. By sending a specially-crafted HTTP header request, a remote attacker could exploit this vulnerability to block the mod_jk load balancer which temporarily blocks connectivity to the server.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/50928 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2009-0580
DESCRIPTION: Apache Tomcat could allow an attacker to obtain sensitive information, caused by an error in the authentication form. A different password prompt is returned when a login attempt is made via an invalid username. If j_security_check is used in conjunction with MemoryRealm, DataSourceRealm, or JDBCRealm, a remote attacker could exploit this vulnerability, using brute force techniques, to enumerate valid usernames and gain unauthorized access to the system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/50930 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2009-0783
DESCRIPTION: Apache Tomcat could allow a local attacker to obtain sensitive information, caused by the replacement of an XML parser by Web applications. A local attacker could exploit this vulnerability using a previously loaded application to read the we.xml, context.xml, or tld files of other applications.
CVSS Base score: 2.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/51195 for the current score.
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2008-5515
DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the normalization of the target path prior to filtering the query string when using a RequestDispatcher. An attacker could send a specially-crafted request containing "dot dot" sequences (/../) and the WEB-INF directory in the request parameter to gain unauthorized access to the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/51365 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2009-3548
DESCRIPTION: The Apache Tomcat Windows installer defaults to a blank password for the admin account when one is not provided during the installation process. A remote attacker could exploit this vulnerability to gain administrative access to the application.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/54182 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2009-2696
DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jsp/cal/cal2.jsp script in the calendar application within the examples Web application. A remote attacker could exploit this vulnerability using the time parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/60962 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2012-5568
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a slowloris attack. By opening connections to the web server and sending a partial request accompanied with partial HTTP headers, a remote attacker could keep the connections open and prevent further connection attempts from clients.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/80317 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVEID: CVE-2013-6357
DESCRIPTION: Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the Manager application. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88471 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-2185
DESCRIPTION: Red Hat JBoss Enterprise Application Platform could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the implementation of the DiskFileItem class. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability using serialized instance of the DiskFileItem class to upload a file containing a NULL byte, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/87273 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVEID: CVE-2013-4286
DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by an incomplete fix related to the handling of malicious request. By sending a specially-crafted request in a Transfer-Encoding: chunked header and a Content-length header to the Apache HTTP server that will be reassembled with the original Content-Length header value, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/91426 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-4322
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix related to the processing of chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/91625 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2013-4590
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when running untrusted web applications. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/91424 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-0075
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an integer overflow in the parseChunkHeader function. A remote attacker could exploit this vulnerability using a malformed chunk size as part of a chunked request to consume all available resources.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93365 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-0096
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93367 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-0099
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93369 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-0119
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93368 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-4444
DESCRIPTION: Apache Tomcat could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the File Upload feature. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious JSP, which could allow the attacker to execute arbitrary JSP code on the vulnerable system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/95876 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVEID: CVE-2020-8022
DESCRIPTION: tomcat package for openSUSE could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permission flaw. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184110 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
| IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0-7.3.0.9 |
Remediation/Fixes
| Fix | How to acquire fix |
| 7.3-TIV-ITADDM-FP00010 | Download FixPack |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
24 Jan 2023: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
27 January 2023
UID
ibm16858013