漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2016-8745: 1403824: CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
CVE-2016-8735: The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.
1397485: CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener
CVE-2016-6816: 1397484: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.
CVE-2016-6797: 1390493: CVE-2016-6797 tomcat: unrestricted access to global resources
CVE-2016-6796: 1390515: CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters
CVE-2016-6794: 1390520: CVE-2016-6794 tomcat: system property disclosure
CVE-2016-5388: 1353809: CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
CVE-2016-5018: 1390525: CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function
CVE-2016-3092: A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
1349468: CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
CVE-2016-1240: no details available
CVE-2016-0763: 1311093: CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
CVE-2016-0762: 1390526: CVE-2016-0762 tomcat: timing attack in Realm implementation
CVE-2016-0714: The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
1311082: CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
CVE-2016-0706: Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
1311087: CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Administrators are advised to apply the appropriate software updates.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论