Summary
This host is running Apache Tomcat and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to gain access to potentially sensitive internal information or crash the program.
Impact Level: Application
Solution
Upgrade to version 6.0.39, 7.0.50, 8.0.0-RC10 or later. For updates, refer to http://tomcat.apache.org
Insight
Multiple flaws are due to:
- An error when handling a request with a specially crafted malformed header (i.e. whitespace after the : in a trailing header).
- Improper parsing of XML data by an incorrectly configured XML parser that accepts XML external entities from an untrusted source.
Affected
Apache Tomcat versions before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10
Detection
Get the installed version of Apache Tomcat with the help of the detect NVT and check whether the version is vulnerable.
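The version check described above can be sketched as follows. This is an added example, not the NVT's own code; the function names, the `x.y.z` / `x.y.z-RCn` version format and the constructed `Apache Tomcat/<version>` banner string are assumptions.

```python
import re

# Fixed releases per branch, taken from the Solution section of this page.
FIXED = {6: "6.0.39", 7: "7.0.50", 8: "8.0.0-RC10"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-RC(\d+))?$", re.IGNORECASE)
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-RC\d+)?)", re.IGNORECASE)


def version_from_banner(banner):
    """Extract the version string from a banner, or return None if absent."""
    m = _BANNER_RE.search(banner)
    return m.group(1) if m else None


def parse_version(text):
    """Turn 'x.y.z' or 'x.y.z-RCn' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if m.group(4) is None:
        return (major, minor, patch, 1, 0)      # final release
    # Release candidates sort before the final release of the same x.y.z,
    # and numerically among themselves (RC9 < RC10, unlike a string compare).
    return (major, minor, patch, 0, int(m.group(4)))


def is_affected(version):
    """True if the version falls in the Affected ranges listed on this page."""
    key = parse_version(version)
    major = key[0]
    if major < 6:
        return True                             # "before 6.0.39"
    if major in FIXED:
        return key < parse_version(FIXED[major])
    return False                                # branch not listed as affected


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for banner in ("Apache Tomcat/7.0.47", "Apache Tomcat/8.0.0-RC9",
                   "Apache Tomcat/8.0.0-RC10", "Apache Tomcat/6.0.39"):
        v = version_from_banner(banner)
        print(v, "affected" if is_affected(v) else "not affected")
```

A banner only reports what the server claims; distribution packages that backport fixes may show an older version number than their actual patch level.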
References
Severity
Classification
CVE: CVE-2013-4322, CVE-2013-4590
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P