BDU:2020-00937

Published: 24 Feb 2020
Source: fstec
CVSS3: 9.8
CVSS2: 10
EPSS: Critical

Description

A vulnerability in the Apache JServ Protocol connector of the Apache Tomcat application server is caused by errors in the handling of input data. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code.

Vendor

Free software community
ООО «РусБИТех-Астра»
Oracle Corp.
Novell Inc.
Fedora Project
Apache Software Foundation
АО «Концерн ВНИИНС»

Software name

Debian GNU/Linux
Astra Linux Special Edition
Agile Engineering Data Management
OpenSUSE Leap
Fedora
Oracle Hospitality Guest Access
Apache Tomcat
Oracle Communications Element Manager
Oracle Agile PLM
MySQL Enterprise Monitor
Communications Instant Messaging Server
Oracle Health Sciences Empirica Inspections
Oracle Health Sciences Empirica Signal
Siebel UI Framework
ОС ОН «Стрелец»

Software version

9 (Debian GNU/Linux)
1.6 «Смоленск» (Astra Linux Special Edition)
6.2.1 (Agile Engineering Data Management)
15.1 (OpenSUSE Leap)
30 (Fedora)
4.2.0 (Oracle Hospitality Guest Access)
4.2.1 (Oracle Hospitality Guest Access)
31 (Fedora)
7.0.0 through 7.0.99 inclusive (Apache Tomcat)
8.5.0 through 8.5.50 inclusive (Apache Tomcat)
9.0.0 through 9.0.30 inclusive (Apache Tomcat)
32 (Fedora)
8.1.1 (Oracle Communications Element Manager)
8.2.0 (Oracle Communications Element Manager)
9.3.3 (Oracle Agile PLM)
9.3.5 (Oracle Agile PLM)
9.3.6 (Oracle Agile PLM)
8.2.1 (Oracle Communications Element Manager)
up to and including 4.0.12 (MySQL Enterprise Monitor)
up to and including 8.0.20 (MySQL Enterprise Monitor)
10.0.1.4.0 (Communications Instant Messaging Server)
1.0.1.2 (Oracle Health Sciences Empirica Inspections)
7.3.3 (Oracle Health Sciences Empirica Signal)
up to and including 20.5 (Siebel UI Framework)
up to 16.01.2023 (ОС ОН «Стрелец»)

Software type

Operating system
Application software for information systems
Network software tool

Operating systems and hardware platforms

Free software community: Debian GNU/Linux 9
ООО «РусБИТех-Астра»: Astra Linux Special Edition 1.6 «Смоленск»
Novell Inc.: OpenSUSE Leap 15.1
Fedora Project: Fedora 30
Fedora Project: Fedora 31
АО «Концерн ВНИИНС»: ОС ОН «Стрелец» up to 16.01.2023

Vulnerability severity level

Critical severity (CVSS 2.0 base score is 10)
Critical severity (CVSS 3.0 base score is 9.8)

Possible remediation measures

Follow the recommendations:
For Apache Tomcat:
https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E
For Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=96534575
For Oracle software products:
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
For Fedora Project:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2020-1938/
For Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2020-1938
For ОС ОН «Стрелец»:
Update the tomcat8 software to version 8.5.54-0+deb9u8

Vulnerability status

Confirmed by the vendor

Exploit availability

Publicly available

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 100%
0.94469
Critical

CVSS3: 9.8 Critical

CVSS2: 10 Critical

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 5 years ago

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, a...

CVSS3: 7.6
redhat
more than 5 years ago

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, a...

CVSS3: 9.8
nvd
more than 5 years ago

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, alon

CVSS3: 9.8
debian
more than 5 years ago

When using the Apache JServ Protocol (AJP), care must be taken when tr ...

suse-cvrf
about 5 years ago

Security update for tomcat6
