ALAS-2016-681

Description

A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174 )The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345 )The session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (CVE-2016-0714 )It was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (CVE-2016-0706 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
tomcat6 tomcat6-6.0.45-1.4.amzn1.noarch
tomcat6 tomcat6-6.0.45-1.4.amzn1.src
tomcat6-admin-webapps tomcat6-admin-webapps-6.0.45-1.4.amzn1.noarch
tomcat6-docs-webapp tomcat6-docs-webapp-6.0.45-1.4.amzn1.noarch
tomcat6-el-2.1-api tomcat6-el-2.1-api-6.0.45-1.4.amzn1.noarch
tomcat6-javadoc tomcat6-javadoc-6.0.45-1.4.amzn1.noarch
tomcat6-jsp-2.1-api tomcat6-jsp-2.1-api-6.0.45-1.4.amzn1.noarch
tomcat6-lib tomcat6-lib-6.0.45-1.4.amzn1.noarch
tomcat6-servlet-2.5-api tomcat6-servlet-2.5-api-6.0.45-1.4.amzn1.noarch
tomcat6-webapps tomcat6-webapps-6.0.45-1.4.amzn1.noarch