Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 7.0.0 (including) | 7.0.0 (including) |
| Tomcat | Apache | 7.0.0-beta (including) | 7.0.0-beta (including) |
| Tomcat | Apache | 7.0.1 (including) | 7.0.1 (including) |
| Tomcat | Apache | 7.0.2 (including) | 7.0.2 (including) |
| Tomcat | Apache | 7.0.3 (including) | 7.0.3 (including) |
| Tomcat | Apache | 7.0.4 (including) | 7.0.4 (including) |
| Tomcat | Apache | 7.0.5 (including) | 7.0.5 (including) |
| Tomcat | Apache | 7.0.6 (including) | 7.0.6 (including) |
| Tomcat | Apache | 7.0.7 (including) | 7.0.7 (including) |
| Tomcat | Apache | 7.0.8 (including) | 7.0.8 (including) |
| Tomcat | Apache | 7.0.9 (including) | 7.0.9 (including) |
| Tomcat | Apache | 7.0.10 (including) | 7.0.10 (including) |
| Tomcat | Apache | 7.0.11 (including) | 7.0.11 (including) |
| Tomcat | Apache | 7.0.12 (including) | 7.0.12 (including) |
| Tomcat | Apache | 7.0.13 (including) | 7.0.13 (including) |
| Tomcat | Apache | 7.0.14 (including) | 7.0.14 (including) |
| Tomcat | Apache | 7.0.16 (including) | 7.0.16 (including) |
| Tomcat | Apache | 7.0.17 (including) | 7.0.17 (including) |
| Tomcat | Apache | 7.0.19 (including) | 7.0.19 (including) |
| Tomcat | Apache | 7.0.20 (including) | 7.0.20 (including) |
| Red Hat Enterprise Linux 6 | RedHat | tomcat6-0:6.0.24-35.el6_1 | * |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 | RedHat | tomcat5-0:5.5.33-27_patch_07.ep5.el5 | * |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 | RedHat | tomcat6-0:6.0.32-24_patch_07.ep5.el5 | * |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 | RedHat | tomcat5-0:5.5.33-28_patch_07.ep5.el6 | * |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 | RedHat | tomcat6-0:6.0.32-24_patch_07.ep5.el6 | * |
| Red Hat JBoss Web Server 1.0 | RedHat | * | |
| Red Hat JBoss Web Server 1.0 | RedHat | * | |
| Tomcat5.5 | Ubuntu | hardy | * |
| Tomcat5.5 | Ubuntu | upstream | * |
| Tomcat6 | Ubuntu | lucid | * |
| Tomcat6 | Ubuntu | maverick | * |
| Tomcat6 | Ubuntu | natty | * |
| Tomcat6 | Ubuntu | upstream | * |
| Tomcat7 | Ubuntu | devel | * |
| Tomcat7 | Ubuntu | oneiric | * |
| Tomcat7 | Ubuntu | upstream | * |
References
- http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2
- http://secunia.com/advisories/45748
- http://secunia.com/advisories/48308
- http://secunia.com/advisories/49094
- http://secunia.com/advisories/57126
- http://securityreason.com/securityalert/8362
- http://www.debian.org/security/2012/dsa-2401
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
- http://www.securityfocus.com/archive/1/519466/100/0/threaded
- http://www.securityfocus.com/bid/49353
- http://www.securitytracker.com/id?1025993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
- https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
- http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2
- http://secunia.com/advisories/45748
- http://secunia.com/advisories/48308
- http://secunia.com/advisories/49094
- http://secunia.com/advisories/57126
- http://securityreason.com/securityalert/8362
- http://www.debian.org/security/2012/dsa-2401
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
- http://www.securityfocus.com/archive/1/519466/100/0/threaded
- http://www.securityfocus.com/bid/49353
- http://www.securitytracker.com/id?1025993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
- https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465