exploitDog
GHSA-3vx3-xf6q-r5xp

Published: 13 May 2022
Source: github
GitHub: reviewed
CVSS3: 9.1

Description

Exposure of Resource to Wrong Sphere in Apache Tomcat

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

References

Packages

Package                                    Registry   Affected versions            Fixed version
org.apache.tomcat:tomcat-catalina          maven      >= 9.0.0.M1, <= 9.0.0.M17    9.0.0.M18
org.apache.tomcat:tomcat-catalina          maven      >= 8.5.0, <= 8.5.12          8.5.13
org.apache.tomcat:tomcat-catalina          maven      >= 8.0.0, <= 8.0.41          8.0.42
org.apache.tomcat:tomcat-catalina          maven      >= 7.0.0, <= 7.0.75          7.0.76
org.apache.tomcat.embed:tomcat-embed-core  maven      >= 9.0.0.M1, <= 9.0.0.M17    9.0.0.M18
org.apache.tomcat.embed:tomcat-embed-core  maven      >= 8.5.0, <= 8.5.12          8.5.13
org.apache.tomcat.embed:tomcat-embed-core  maven      >= 8.0.0, <= 8.0.41          8.0.42
org.apache.tomcat.embed:tomcat-embed-core  maven      >= 7.0.0, <= 7.0.75          7.0.76

EPSS

Score: 0.06455 (percentile: 91%, Low)

CVSS3

9.1 Critical

Weaknesses

CWE-668

Related vulnerabilities

- ubuntu, CVSS3: 9.1, more than 8 years ago: same description as above.
- redhat, CVSS3: 3.6, more than 8 years ago: same description as above.
- nvd, CVSS3: 9.1, more than 8 years ago: same description as above.
- debian, CVSS3: 9.1, more than 8 years ago: "While investigating bug 60718, it was noticed that some calls to appli ..."
- oracle-oval, about 8 years ago: ELSA-2017-1809: tomcat security update (IMPORTANT)
