Linux Security
    Linux Security
    Linux Security

    Ubuntu 4557-1: Tomcat vulnerabilities

    Date
    89
    Posted By
    Several security issues were fixed in Tomcat.
    ==========================================================================
    Ubuntu Security Notice USN-4557-1
    September 30, 2020
    
    tomcat6 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 16.04 LTS
    
    Summary:
    
    Several security issues were fixed in Tomcat.
    
    Software Description:
    - tomcat6: Servlet and JSP engine
    
    Details:
    
    It was discovered that the Tomcat realm implementations incorrectly handled
    passwords when a username didn't exist. A remote attacker could possibly
    use this issue to enumerate usernames. (CVE-2016-0762)
    
    Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly
    limited use of a certain utility method. A malicious application could
    possibly use this to bypass Security Manager restrictions. (CVE-2016-5018)
    
    It was discovered that Tomcat incorrectly controlled reading system
    properties. A malicious application could possibly use this to bypass
    Security Manager restrictions. (CVE-2016-6794)
    
    It was discovered that Tomcat incorrectly controlled certain configuration
    parameters. A malicious application could possibly use this to bypass
    Security Manager restrictions. (CVE-2016-6796)
    
    It was discovered that Tomcat incorrectly limited access to global JNDI
    resources. A malicious application could use this to access any global JNDI
    resource without an explicit ResourceLink. (CVE-2016-6797)
    
    Regis Leroy discovered that Tomcat incorrectly filtered certain invalid
    characters from the HTTP request line. A remote attacker could possibly
    use this issue to inject data into HTTP responses. (CVE-2016-6816)
    
    Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not
    implement a recommended fix. A remote attacker could possibly use this
    issue to execute arbitrary code. (CVE-2016-8735)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 16.04 LTS:
      libservlet2.5-java              6.0.45+dfsg-1ubuntu0.1
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      https://usn.ubuntu.com/4557-1
      CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796,
      CVE-2016-6797, CVE-2016-6816, CVE-2016-8735
    
    Package Information:
      https://launchpad.net/ubuntu/+source/tomcat6/6.0.45+dfsg-1ubuntu0.1
    

    Advisories

    LinuxSecurity Poll

    Tails is the most secure Linux distro out there.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/41-ubuntu-is-a-more-secure-distro-than-fedora?task=poll.vote&format=json
    41
    radio
    [{"id":"142","title":"Yes - Tails get my vote!","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"143","title":"Nope - Parrot OS has surpassed Tails in its security and privacy.","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.