4
MEDIUM

CVE-2018-1305

Published: 23/02/2018 Updated: 18/10/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

Vulnerability Summary

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

A vulnerability in Apache Tomcat could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system.

The vulnerability is due to improper security restrictions imposed by the affected software. An attacker could exploit this vulnerability by submitting a crafted URL to the targeted system. Once the system processes the crafted URL, the attacker could bypass security restrictions. A successful exploit could allow the attacker to access restricted resources on the targeted system.

The Apache Software Foundation has confirmed the vulnerability and released software updates.

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Access Complexity: LOW
Authentication: SINGLE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheTomcat7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.51, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.58, 7.0.59, 7.0.60, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.66, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.71, 7.0.72, 7.0.73, 7.0.74, 7.0.75, 7.0.76, 7.0.77, 7.0.78, 7.0.79, 7.0.80, 7.0.81, 7.0.82, 7.0.83, 7.0.84, 8.0.0, 8.0.1, 8.0.2, 8.0.4, 8.0.6, 8.0.7, 8.0.9, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33, 8.0.34, 8.0.35, 8.0.36, 8.0.37, 8.0.38, 8.0.39, 8.0.40, 8.0.41, 8.0.42, 8.0.43, 8.0.44, 8.0.47, 8.0.48, 8.0.49, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.7, 8.5.8, 8.5.9, 8.5.10, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15, 8.5.23, 8.5.24, 8.5.27, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4
DebianDebian Linux7.0

Mitigation

Administrators are advised to apply the appropriate software updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

Exploitation

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall in order to send a crafted URL to be processed by the targeted system. This access requirement may reduce the likelihood of a successful exploit.

Mailing Lists

Github Repositories

Aware IM Developer Resources Aware IM is a rapid application development tool that lets you create powerful aesthetically appealing web applications quickly. Aware IM developer tools, tips, news and resources. Changelog Software Written in 100% Java programming language. Aware IM is based on the plethora of Java technologies such as J2EE application server, JDBC, JMS, JSP/

Apache Tomcat 安全绕过漏洞 近日,Apache发布安全公告称Apache Tomcat 7、8、9多个版本存在安全绕过漏洞。攻击者可以利用这个问题,绕过某些安全限制来执行未经授权的操作,这可能有助于进一步攻击。 Apache Tomcat servlet 注释定义的安全约束,只在servlet加载后才应用一次。由于以这种方式定

References