You are here

T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information

August 31, 2011 - 12:00pm

Addthis

PROBLEM:

A vulnerability was reported in Apache Tomcat. A remote user can bypass authentication or obtain potentially sensitive information.

PLATFORM:

Apache Tomcat 5.5.0 to 5.5.33, 6.0.0 to 6.0.33, 7.0.0 to 7.0.20

ABSTRACT:

Apache Tomcat AJP protocol processing bug lets remote users bypass authentication or obtain information.

 reference LINKS:

SecurityTracker Alert ID: 1025993
CVE-2011-3190 (under review)
Apache Tomcat Security Updates

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in Apache Tomcat. A remote user can bypass authentication or obtain potentially sensitive information. A remote user can send a specially crafted request to submit a user-controlled AJP protocol message to the Tomcat server. This can be exploited to spoof the name of the target user and the client IP address and bypass authentication or obtain responses intended for different users. The following AJP connector implementations are affected: org.apache.coyote.ajp.AjpProtocol (6.0.x, 7.0.x - default) org.apache.coyote.ajp.AjpNioProtocol (7.0.x) org.apache.coyote.ajp.AjpAprProtocol (5.5.x, 6.0.x, 7.0.x) The 'org.apache.jk.server.JkCoyoteHandler' AJP connector implementation is not affected. Systems where POST requests are accepted and the request body is not processed are affected.

Impact:

A remote user can bypass authentication or obtain potentially sensitive information.

Solution:

Apache Tomcat has issued a source code fix
Apache Tomcat Security Updates
 

Addthis