tomcat-7.0.76-3.el7
Errata ID: AXSA:2017-2389:05
Release date:
2017/11/01 Wednesday - 17:35
Title:
tomcat-7.0.76-3.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- When Apache Tomcat is run with HTTP PUT enabled, a remote attacker can upload a JSP to the server via a specially crafted request, and by then requesting the uploaded JSP file cause the server to execute arbitrary code. (CVE-2017-12615, CVE-2017-12617)
- Apache Tomcat has a bug in the handling of pipelined requests: when send file is used, a pipelined request can be lost when the preceding request completes, so the client may receive the wrong response. (CVE-2017-5647)
- The CORS Filter in Apache Tomcat does not add an HTTP Vary header indicating that the response varies depending on Origin, which in some circumstances permits client- and server-side cache poisoning attacks. (CVE-2017-7674)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Please update the packages.
CVE:
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
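As an added illustration (not part of this errata and not Tomcat project code), a small Python audit that reads a Tomcat conf/web.xml and reports whether the Default servlet has its readonly init-param set to false, the precondition the two descriptions above name; the weak and hardened web.xml fragments are constructed samples.

```python
"""Audit a Tomcat conf/web.xml for the Default servlet 'readonly' setting.

CVE-2017-12615 / CVE-2017-12617 only apply when HTTP PUT is enabled, i.e.
when the Default servlet's 'readonly' init-param is explicitly 'false'.
Tomcat treats a missing 'readonly' param as true (PUT/DELETE rejected).
"""
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag: str) -> str:
    """Strip the Java EE XML namespace so tags can be matched by local name."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_readonly(web_xml: str) -> bool:
    """Return True if the Default servlet rejects PUT/DELETE (the safe state).

    Only an explicit 'false' (case-insensitive, trimmed) enables uploads.
    """
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name, klass, params = None, None, {}
        for child in servlet:
            if _local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "servlet-class":
                klass = (child.text or "").strip()
            elif _local(child.tag) == "init-param":
                key = value = None
                for kv in child:
                    if _local(kv.tag) == "param-name":
                        key = (kv.text or "").strip()
                    elif _local(kv.tag) == "param-value":
                        value = (kv.text or "").strip()
                if key is not None:
                    params[key] = value or ""
        if (name == "default" or klass == DEFAULT_SERVLET_CLASS) and "readonly" in params:
            return params["readonly"].lower() != "false"
    return True  # no explicit readonly=false: PUT is not enabled


# Constructed sample fragments: the weak setting beside the corrected one.
WEAK_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
HARDENED_WEB_XML = WEAK_WEB_XML.replace("<param-value>false<", "<param-value>true<")
```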
CVE-2017-5647
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
CVE-2017-7674
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
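As an added illustration (not part of this errata and not Tomcat's CORS Filter code), a toy shared-cache simulation in Python that shows why the missing Vary: Origin header matters: a response tailored to the first requester's Origin is replayed to every later requester unless the cache is told to key on Origin. The allow-list, the minimal CORS responder and the request sequence are constructed for this example.

```python
"""Why a CORS response without 'Vary: Origin' poisons a shared cache (CVE-2017-7674).

The toy cache below keys entries by URL plus the request headers named in
the response's Vary header, as RFC 7234 section 4.1 describes. Without
'Vary: Origin' there is one entry per URL, so the Access-Control-Allow-Origin
value computed for the first Origin is served to every later Origin.
"""

ALLOWED_ORIGINS = {"https://app.example", "https://admin.example"}  # constructed


def cors_responder(request_headers: dict, emit_vary: bool) -> dict:
    """Minimal CORS filter: reflect an allowed Origin, optionally add Vary: Origin."""
    origin = request_headers.get("Origin", "")
    headers = {"Content-Type": "application/json"}
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
    if emit_vary:
        headers["Vary"] = "Origin"  # the header the fixed filter adds
    return headers


class SharedCache:
    """Toy shared cache (CDN / reverse proxy) that honours the Vary header."""

    def __init__(self, origin_server):
        self.origin_server = origin_server
        self.entries = {}  # url -> list of (selecting request headers, response)

    def get(self, url: str, request_headers: dict) -> tuple:
        """Return (response_headers, served_from_cache)."""
        for selecting, response in self.entries.get(url, []):
            if all(request_headers.get(h, "") == v for h, v in selecting.items()):
                return response, True  # every Vary-named header matches
        response = self.origin_server(request_headers)
        vary = [h.strip() for h in response.get("Vary", "").split(",") if h.strip()]
        selecting = {h: request_headers.get(h, "") for h in vary}
        self.entries.setdefault(url, []).append((selecting, response))
        return response, False


def acao_seen_by_second_requester(emit_vary: bool) -> str:
    """app.example warms the cache; report the ACAO header admin.example then receives."""
    cache = SharedCache(lambda req: cors_responder(req, emit_vary))
    cache.get("/api/data", {"Origin": "https://app.example"})
    response, _ = cache.get("/api/data", {"Origin": "https://admin.example"})
    return response.get("Access-Control-Allow-Origin", "")
```

With the fix, the second requester misses the cache and gets a response computed for its own Origin; without it, the stale entry is served regardless of Origin.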
Additional information:
N/A
Downloads:
SRPMS
- tomcat-7.0.76-3.el7.src.rpm
MD5: 7719489a7bde216578e8c94cc174389e
SHA-256: 51cc143d36f5bcb9b739e30eb9b287950f918ba3f0c14b9cd94917766aaaffbb
Size: 4.58 MB
Asianux Server 7 for x86_64
- tomcat-7.0.76-3.el7.noarch.rpm
MD5: 92c6e9d9bc3ede01f10f445d18aa4c97
SHA-256: c53c87c863335b81a174eaaeaa182103fb835defad35ca7eaf38e0bad7ea9e7e
Size: 89.05 kB
- tomcat-admin-webapps-7.0.76-3.el7.noarch.rpm
MD5: 54a167654361bbbe208af6ad3a2e919f
SHA-256: bf986689561ac8d869b04393ddd87b794685c119f7304bf8530981b2d729050c
Size: 37.49 kB
- tomcat-el-2.2-api-7.0.76-3.el7.noarch.rpm
MD5: b5176fcc300e8239bce8a9e3089185c7
SHA-256: a0ec6d88c2a3226ef0583b5ac611d46ac160bda9c24cdb6285dbbe7b4486c311
Size: 78.75 kB
- tomcat-jsp-2.2-api-7.0.76-3.el7.noarch.rpm
MD5: 551956d4d0df23a5a32d1dfa3d44191d
SHA-256: 68af529d09c9082408eea16ffce11bcd997dade79b4f69c37d6050292863863b
Size: 92.46 kB
- tomcat-lib-7.0.76-3.el7.noarch.rpm
MD5: 57329451e0742a211f23a68be3a2725e
SHA-256: 0c772f492e7f3d388c7dd311de75b6ae5da735f47bc97a80d47de96643b1a6c0
Size: 3.85 MB
- tomcat-servlet-3.0-api-7.0.76-3.el7.noarch.rpm
MD5: 0820ae904ab0a0d6e9df196cd9350cdd
SHA-256: a85a660808ffa5edaeac8f5b2207a4e995599f2b00e87aa64befa142321642ad
Size: 209.83 kB
- tomcat-webapps-7.0.76-3.el7.noarch.rpm
MD5: b6770e53bb2eac88aa864db6046b0d25
SHA-256: 98da9bbacecc646a08be3cfd64423ff36d2fd21604ca2cb391ea4426ecd4f05b
Size: 338.36 kB