ALAS-2016-679

Description

ResourceLinkFactory.setGlobalContext() is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other web applications. (CVE-2016-0763 )A session fixation vulnerability was discovered that might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request when different session settings are used for deployments of multiple versions of the same web application. (CVE-2015-5346 )The Manager and Host Manager applications were discovered to establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. (CVE-2015-5351 )The session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (CVE-2016-0714 )It was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (CVE-2016-0706 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
tomcat8 tomcat8-8.0.32-1.59.amzn1.noarch
tomcat8 tomcat8-8.0.32-1.59.amzn1.src
tomcat8-admin-webapps tomcat8-admin-webapps-8.0.32-1.59.amzn1.noarch
tomcat8-docs-webapp tomcat8-docs-webapp-8.0.32-1.59.amzn1.noarch
tomcat8-el-3.0-api tomcat8-el-3.0-api-8.0.32-1.59.amzn1.noarch
tomcat8-javadoc tomcat8-javadoc-8.0.32-1.59.amzn1.noarch
tomcat8-jsp-2.3-api tomcat8-jsp-2.3-api-8.0.32-1.59.amzn1.noarch
tomcat8-lib tomcat8-lib-8.0.32-1.59.amzn1.noarch
tomcat8-log4j tomcat8-log4j-8.0.32-1.59.amzn1.noarch
tomcat8-servlet-3.1-api tomcat8-servlet-3.1-api-8.0.32-1.59.amzn1.noarch
tomcat8-webapps tomcat8-webapps-8.0.32-1.59.amzn1.noarch