Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-6994

ActiveMQ 5.15.4 tomcat-servlet-api-8.0.24.jar which has four high severity CVEs against it.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 5.15.4
    • Fix Version/s: 5.15.5
    • Component/s: Web Console
    • Labels:
      None
    • Environment:

      Description

      ActiveMQ 5.15.4 tomcat-servlet-api-8.0.24.jar  which has four high severity CVEs against it.
      Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and running the OWASP report.

      Referenced In Projects/Scopes:
      ActiveMQ :: Assembly:compile
      ActiveMQ :: Web:provided
      ActiveMQ :: Web Console:provided

      CVE-2016-3092 Severity:High CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      CWE: CWE-20 Improper Input Validation
      The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before
      9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
      BID - 91453
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743480
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743722
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743738
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1743742
      CONFIRM - http://tomcat.apache.org/security-7.html
      CONFIRM - http://tomcat.apache.org/security-8.html
      CONFIRM - http://tomcat.apache.org/security-9.html
      CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
      CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
      CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
      CONFIRM - http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
      CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1349468
      CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
      CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
      CONFIRM - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
      DEBIAN - DSA-3609
      DEBIAN - DSA-3611
      DEBIAN - DSA-3614
      GENTOO - GLSA-201705-09
      JVN - JVN#89379547
      JVNDB - JVNDB-2016-000121
      MLIST - [dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability
      REDHAT - RHSA-2016:2068
      REDHAT - RHSA-2016:2069
      REDHAT - RHSA-2016:2070
      REDHAT - RHSA-2016:2071
      REDHAT - RHSA-2016:2072
      REDHAT - RHSA-2016:2599
      REDHAT - RHSA-2016:2807
      REDHAT - RHSA-2016:2808
      REDHAT - RHSA-2017:0455
      REDHAT - RHSA-2017:0456
      REDHAT - RHSA-2017:0457
      SECTRACK - 1036427
      SECTRACK - 1036900
      SECTRACK - 1037029
      SECTRACK - 1039606
      SUSE - openSUSE-SU-2016:2252
      UBUNTU - USN-3024-1
      UBUNTU - USN-3027-1
      Vulnerable Software & Versions: (show all)
      cpe:/a:apache:tomcat:8.0.24

      CVE-2016-5425  Severity:High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
      CWE: CWE-264 Permissions, Privileges, and Access Controls
      The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib
      /tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
      BID - 93472
      CONFIRM - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
      EXPLOIT-DB - 40488
      MISC - http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
      MISC - http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html
      MLIST - [oss-security] 20161010 CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora,
      OracleLinux, RedHat etc.)
      REDHAT - RHSA-2016:2046
      SECTRACK - 1036979
      Vulnerable Software & Versions:
      cpe:/a:apache:tomcat

      CVE-2016-6325   Severity:High  CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
      CWE: CWE-264 Permissions, Privileges, and Access Controls
      The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and
      (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
      BID - 93478
      CONFIRM - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
      CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1367447
      REDHAT - RHSA-2016:2045
      REDHAT - RHSA-2016:2046
      REDHAT - RHSA-2017:0455
      REDHAT - RHSA-2017:0456
      REDHAT - RHSA-2017:0457
      Vulnerable Software & Versions:
      cpe:/a:apache:tomcat:-

      CVE-2016-8735 Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C/I/A)
      CWE: CWE-284 Improper Access Control
      Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if
      JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427
      Oracle patch that affected credential types.
      BID - 94463
      CONFIRM - http://seclists.org/oss-sec/2016/q4/502
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1767644
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1767656
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1767676
      CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1767684
      CONFIRM - http://tomcat.apache.org/security-6.html
      CONFIRM - http://tomcat.apache.org/security-7.html
      CONFIRM - http://tomcat.apache.org/security-8.html
      CONFIRM - http://tomcat.apache.org/security-9.html
      CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
      CONFIRM - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
      CONFIRM - https://security.netapp.com/advisory/ntap-20180607-0001/
      DEBIAN - DSA-3738
      REDHAT - RHSA-2017:0455
      REDHAT - RHSA-2017:0456
      REDHAT - RHSA-2017:0457
      SECTRACK - 1037331
      Vulnerable Software & Versions: (show all)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              ABakerIII Albert Baker
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: