RHSA-2017:0935: Moderate: tomcat security update
First published: Wed Apr 12 2017(Updated: )
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.<br>Security Fix(es):<br><li> It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)</li> Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. <br><li> A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tomcat | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
| redhat/tomcat | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
| redhat/tomcat-admin-webapps | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
| redhat/tomcat-docs-webapp | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
| redhat/tomcat-el | <2.2-api-7.0.69-11.el7_3 | 2.2-api-7.0.69-11.el7_3 |
| redhat/tomcat-javadoc | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
| redhat/tomcat-jsp | <2.2-api-7.0.69-11.el7_3 | 2.2-api-7.0.69-11.el7_3 |
| redhat/tomcat-jsvc | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
| redhat/tomcat-lib | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
| redhat/tomcat-servlet | <3.0-api-7.0.69-11.el7_3 | 3.0-api-7.0.69-11.el7_3 |
| redhat/tomcat-webapps | <7.0.69-11.el7_3 | 7.0.69-11.el7_3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2017:0935?
The severity of RHSA-2017:0935 is classified as important due to the potential exploitation of the vulnerability.
How do I fix RHSA-2017:0935?
To fix RHSA-2017:0935, update your Apache Tomcat installation to version 7.0.69-11.el7_3 or later.
Which packages are affected by RHSA-2017:0935?
The affected packages in RHSA-2017:0935 include tomcat, tomcat-admin-webapps, tomcat-docs-webapp, and other related tomcat packages.
Is it necessary to reboot the server after applying the fix for RHSA-2017:0935?
A reboot is not typically required after applying the fix for RHSA-2017:0935, but it is advisable to restart the Tomcat service.
What types of attacks can RHSA-2017:0935 protect against?
RHSA-2017:0935 protects against attacks that attempt to exploit invalid characters in HTTP request lines, potentially compromising server security.
- agent/severity
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2017:0935
- agent/software-canonical-lookup
- agent/remedy
- agent/references
- agent/tags
- agent/event
- agent/source
- package-manager/redhat