Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 6.0.0 to 6.0.44
- - Apache Tomcat 7.0.0 to 7.0.67
- - Apache Tomcat 8.0.0.RC1 to 8.0.30
- - Apache Tomcat 9.0.0.M1
- - Earlier, unsupported Tomcat versions may be affected
Description:
Tomcat provides several session persistence mechanisms. The
StandardManager persists session over a restart. The PersistentManager
is able to persist sessions to files, a database or a custom Store. The
Cluster implementation persists sessions to one or more additional nodes
in the cluster. All of these mechanisms could be exploited to bypass a
security manager. Session persistence is performed by Tomcat code with
the permissions assigned to Tomcat internal code. By placing a carefully
crafted object into a session, a malicious web application could trigger
the execution of arbitrary code.
Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 9.0.0.M3 or later
(9.0.0.M2 has the fix but was not released)
- - Upgrade to Apache Tomcat 8.0.32 or later
(8.0.31 has the fix but was not released)
- - Upgrade to Apache Tomcat 7.0.68 or later
- - Upgrade to Apache Tomcat 6.0.45 or later
Credit:
This issue was discovered by The Apache Tomcat Security Team.
References:
[1] http://tomcat.apache.org/
[2] http://tomcat.apache.org/
[3] http://tomcat.apache.org/
[4] http://tomcat.apache.org/
Komentarų nėra:
Rašyti komentarą