WID-SEC-W-2023-2628
Vulnerability from csaf_certbund
Published
2023-10-10 22:00
Modified
2025-01-19 23:00
Summary
Apache Tomcat: Multiple vulnerabilities
Notes
As the provider of its own content made available for use, the BSI is responsible for that content under the general laws. Users, however, are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
Apache Tomcat is a web application server for various platforms.
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in Apache Tomcat to cause a denial-of-service condition, bypass security measures, or disclose confidential information.
Affected operating systems
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2628 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2628.json", }, { category: "self", summary: "WID-SEC-2023-2628 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2628", }, { category: "external", summary: "Apache Tomcat 8 Changelog vom 2023-10-10", url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", }, { category: "external", summary: "Apache Tomcat 9 Changelog vom 2023-10-10", url: "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", }, { category: "external", summary: "Debian Security Advisory DSA-5522 vom 2023-10-11", url: 
"https://www.debian.org/security/2023/dsa-5522", }, { category: "external", summary: "Debian Security Advisory DSA-5521 vom 2023-10-11", url: "https://www.debian.org/security/2023/dsa-5521", }, { category: "external", summary: "Debian Security Advisory DLA-3617 vom 2023-10-13", url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-016 vom 2023-10-18", url: "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-016.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASTOMCAT9-2023-010 vom 2023-10-18", url: "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2023-010.html", }, { category: "external", summary: "GitHub Security Advisory GHSA-G8PJ-R55Q-5C2V vom 2023-10-18", url: "https://github.com/vaadin/platform/releases/tag/24.2.0", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4129-1 vom 2023-10-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016747.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5928 vom 2023-10-20", url: "https://access.redhat.com/errata/RHSA-2023:5928", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5929 vom 2023-10-19", url: "https://access.redhat.com/errata/RHSA-2023:5929", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5929 vom 2023-10-19", url: "https://access.redhat.com/errata/RHSA-2023:5929.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1868 vom 2023-10-19", url: "https://alas.aws.amazon.com/ALAS-2023-1868.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5929 vom 2023-10-24", url: "https://linux.oracle.com/errata/ELSA-2023-5929.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-5928 vom 2023-10-25", url: "http://linux.oracle.com/errata/ELSA-2023-5928.html", }, { category: 
"external", summary: "Red Hat Security Advisory RHSA-2023:6145 vom 2023-10-27", url: "https://access.redhat.com/errata/RHSA-2023:6145", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-6120 vom 2023-10-27", url: "https://linux.oracle.com/errata/ELSA-2023-6120.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:6207 vom 2023-10-31", url: "https://access.redhat.com/errata/RHSA-2023:6207", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:6206 vom 2023-10-31", url: "https://access.redhat.com/errata/RHSA-2023:6206", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4337-1 vom 2023-11-02", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/016986.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4423-1 vom 2023-11-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017018.html", }, { category: "external", summary: "Camunda Security Notice 97 vom 2023-11-13", url: "https://docs.camunda.org/security/notices/", }, { category: "external", summary: "IBM Security Bulletin 7072626 vom 2023-11-14", url: "https://www.ibm.com/support/pages/node/7072626", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:7247 vom 2023-11-16", url: "https://access.redhat.com/errata/RHSA-2023:7247", }, { category: "external", summary: "IBM Security Bulletin 7076274 vom 2023-11-15", url: "https://www.ibm.com/support/pages/node/7076274", }, { category: "external", summary: "IBM Security Bulletin", url: "https://www.ibm.com/support/pages/node/7082717", }, { category: "external", summary: "Xerox Security Bulletin XRX23-021", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2023/11/XRX23-021_FFPSv2_Win10_SecurityBulletin_Nov2023.pdf", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:7623 vom 2023-12-07", url: "https://access.redhat.com/errata/RHSA-2023:7623", }, { 
category: "external", summary: "Red Hat Security Advisory RHSA-2023:7625 vom 2023-12-07", url: "https://access.redhat.com/errata/RHSA-2023:7625", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:7626 vom 2023-12-07", url: "https://access.redhat.com/errata/RHSA-2023:7626", }, { category: "external", summary: "IBM Security Bulletin 7099297 vom 2023-12-18", url: "https://www.ibm.com/support/pages/node/7099297", }, { category: "external", summary: "IBM Security Bulletin 7105133 vom 2024-01-05", url: "http://www.ibm.com/support/pages/node/7105133", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0125 vom 2024-01-10", url: "https://access.redhat.com/errata/RHSA-2024:0125", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-0125 vom 2024-01-11", url: "https://linux.oracle.com/errata/ELSA-2024-0125.html", }, { category: "external", summary: "IBM Security Bulletin 7107757 vom 2024-01-16", url: "https://www.ibm.com/support/pages/node/7107757", }, { category: "external", summary: "IBM Security Bulletin 7107755 vom 2024-01-16", url: "https://www.ibm.com/support/pages/node/7107755", }, { category: "external", summary: "IBM Security Bulletin 7111624 vom 2024-01-24", url: "https://www.ibm.com/support/pages/node/7111624", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0474 vom 2024-01-25", url: "https://access.redhat.com/errata/RHSA-2024:0474", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-0474 vom 2024-01-25", url: "https://linux.oracle.com/errata/ELSA-2024-0474.html", }, { category: "external", summary: "DELL Security Update", url: "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2024-107 vom 2024-01-30", url: 
"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-107/index.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0472-1 vom 2024-02-14", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017913.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-133 vom 2024-03-12", url: "https://www.dell.com/support/kbdoc/000223002/dsa-2024-=", }, { category: "external", summary: "Amazon Linux Security Advisory ALASTOMCAT9-2024-012 vom 2024-03-19", url: "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2024-012.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2501 vom 2024-03-19", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2501.html", }, { category: "external", summary: "IBM Security Bulletin 7114769 vom 2024-04-30", url: "https://www.ibm.com/support/pages/node/7114769", }, { category: "external", summary: "IBM Security Bulletin 7156539 vom 2024-06-18", url: "https://www.ibm.com/support/pages/node/7156539", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2024-134 vom 2024-07-02", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-134/index.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18", url: "https://access.redhat.com/errata/RHSA-2024:4631", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2024-126 vom 2024-08-06", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-126/index.html", }, { category: "external", summary: "Brocade Security Advisory BSA-2024-2429 vom 2024-11-02", url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25158", }, { category: "external", summary: "Ubuntu Security Notice USN-7106-1 vom 2024-11-18", url: "https://ubuntu.com/security/notices/USN-7106-1", }, { category: 
"external", summary: "F5 Security Advisory K000138178 vom 2025-01-17", url: "https://my.f5.com/manage/s/article/K000138178", }, ], source_lang: "en-US", title: "Apache Tomcat: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-19T23:00:00.000+00:00", generator: { date: "2025-01-20T09:28:07.161+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2023-2628", initial_release_date: "2023-10-10T22:00:00.000+00:00", revision_history: [ { date: "2023-10-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-10-15T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-10-17T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-18T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Open Source aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat und Amazon aufgenommen", }, { date: "2023-10-23T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-10-24T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-10-26T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-10-29T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-10-31T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-11-02T23:00:00.000+00:00", number: "11", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-11-13T23:00:00.000+00:00", number: "12", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-11-14T23:00:00.000+00:00", number: "13", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2023-11-15T23:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat und IBM aufgenommen", }, { date: 
"2023-11-26T23:00:00.000+00:00", number: "15", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-11-28T23:00:00.000+00:00", number: "16", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2023-12-07T23:00:00.000+00:00", number: "17", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-12-18T23:00:00.000+00:00", number: "18", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-04T23:00:00.000+00:00", number: "19", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-01-10T23:00:00.000+00:00", number: "20", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-01-11T23:00:00.000+00:00", number: "21", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-01-15T23:00:00.000+00:00", number: "22", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-24T23:00:00.000+00:00", number: "23", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-25T23:00:00.000+00:00", number: "24", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-01-28T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-01-29T23:00:00.000+00:00", number: "26", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-02-14T23:00:00.000+00:00", number: "27", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-03-12T23:00:00.000+00:00", number: "28", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-03-18T23:00:00.000+00:00", number: "29", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-05-01T22:00:00.000+00:00", number: "30", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-06-17T22:00:00.000+00:00", number: "31", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-07-01T22:00:00.000+00:00", number: "32", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-07-18T22:00:00.000+00:00", number: "33", summary: "Neue Updates von Red 
Hat aufgenommen", }, { date: "2024-08-05T22:00:00.000+00:00", number: "34", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-11-03T23:00:00.000+00:00", number: "35", summary: "Neue Updates von BROCADE aufgenommen", }, { date: "2024-11-17T23:00:00.000+00:00", number: "36", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2025-01-19T23:00:00.000+00:00", number: "37", summary: "Neue Updates von F5 aufgenommen", }, ], status: "final", version: "37", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_version_range", name: "<8.5.94", product: { name: "Apache Tomcat <8.5.94", product_id: "T030426", }, }, { category: "product_version", name: "8.5.94", product: { name: "Apache Tomcat 8.5.94", product_id: "T030426-fixed", product_identification_helper: { cpe: "cpe:/a:apache:tomcat:8.5.94", }, }, }, { category: "product_version_range", name: "<9.0.81", product: { name: "Apache Tomcat <9.0.81", product_id: "T030427", }, }, { category: "product_version", name: "9.0.81", product: { name: "Apache Tomcat 9.0.81", product_id: "T030427-fixed", product_identification_helper: { cpe: "cpe:/a:apache:tomcat:9.0.81", }, }, }, ], category: "product_name", name: "Tomcat", }, ], category: "vendor", name: "Apache", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.3.1", product: { name: "Broadcom Brocade SANnav <2.3.1", product_id: "T034139", }, }, { category: "product_version", name: "2.3.1", product: { name: "Broadcom Brocade SANnav 2.3.1", product_id: "T034139-fixed", product_identification_helper: { cpe: "cpe:/a:broadcom:brocade_sannav:2.3.1", }, }, }, { category: "product_version_range", name: "<2.3.0a", product: { name: "Broadcom Brocade SANnav <2.3.0a", product_id: 
"T034294", }, }, { category: "product_version", name: "2.3.0a", product: { name: "Broadcom Brocade SANnav 2.3.0a", product_id: "T034294-fixed", product_identification_helper: { cpe: "cpe:/a:broadcom:brocade_sannav:2.3.0a", }, }, }, ], category: "product_name", name: "Brocade SANnav", }, ], category: "vendor", name: "Broadcom", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_name", name: "Dell NetWorker", product: { name: "Dell NetWorker", product_id: "T024663", product_identification_helper: { cpe: "cpe:/a:dell:networker:-", }, }, }, { category: "product_version_range", name: "vProxy<19.9.0.4", product: { name: "Dell NetWorker vProxy<19.9.0.4", product_id: "T032377", }, }, { category: "product_version", name: "vProxy19.9.0.4", product: { name: "Dell NetWorker vProxy19.9.0.4", product_id: "T032377-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:vproxy_19.9.0.4", }, }, }, { category: "product_version_range", name: "vProxy<19.10", product: { name: "Dell NetWorker vProxy<19.10", product_id: "T032378", }, }, { category: "product_version", name: "vProxy19.10", product: { name: "Dell NetWorker vProxy19.10", product_id: "T032378-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:vproxy_19.10", }, }, }, ], category: "product_name", name: "NetWorker", }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_version", name: "15.1.0-15.1.10", product: { name: "F5 BIG-IP 15.1.0-15.1.10", product_id: "T034902", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:15.1.0_-_15.1.10", }, }, }, { category: "product_version", name: "16.1.0-16.1.5", product: { name: "F5 BIG-IP 16.1.0-16.1.5", product_id: "T037028", product_identification_helper: { cpe: 
"cpe:/a:f5:big-ip:16.1.0_-_16.1.5", }, }, }, { category: "product_version", name: "17.1.0-17.1.2", product: { name: "F5 BIG-IP 17.1.0-17.1.2", product_id: "T040213", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:17.1.0_-_17.1.2", }, }, }, ], category: "product_name", name: "BIG-IP", }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, ], category: "vendor", name: "Hitachi", }, { branches: [ { category: "product_name", name: "IBM FlashSystem", product: { name: "IBM FlashSystem", product_id: "T025159", product_identification_helper: { cpe: "cpe:/a:ibm:flashsystem:-", }, }, }, { branches: [ { category: "product_version", name: "10.1-10.1.0.2", product: { name: "IBM Integration Bus 10.1-10.1.0.2", product_id: "T031084", product_identification_helper: { cpe: "cpe:/a:ibm:integration_bus:10.1_-_10.1.0.2", }, }, }, ], category: "product_name", name: "Integration Bus", }, { category: "product_name", name: "IBM Operational Decision Manager", product: { name: "IBM Operational Decision Manager", product_id: "T005180", product_identification_helper: { cpe: "cpe:/a:ibm:operational_decision_manager:-", }, }, }, { branches: [ { category: "product_version", name: "V10", product: { name: "IBM Power Hardware Management Console V10", product_id: "T023373", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10", }, }, }, ], category: "product_name", name: "Power Hardware Management Console", }, { branches: [ { category: "product_version", name: "7.5", product: { name: "IBM QRadar SIEM 7.5", product_id: "T022954", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version", name: "8.0.0.24", product: { name: "IBM Rational Build Forge 
8.0.0.24", product_id: "T030689", product_identification_helper: { cpe: "cpe:/a:ibm:rational_build_forge:8.0.0.24", }, }, }, ], category: "product_name", name: "Rational Build Forge", }, { category: "product_name", name: "IBM SAN Volume Controller", product: { name: "IBM SAN Volume Controller", product_id: "T002782", product_identification_helper: { cpe: "cpe:/a:ibm:san_volume_controller:-", }, }, }, { branches: [ { category: "product_version", name: "11.5", product: { name: "IBM Security Guardium 11.5", product_id: "1411051", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:11.5", }, }, }, ], category: "product_name", name: "Security Guardium", }, { branches: [ { category: "product_version", name: "V5000", product: { name: "IBM Storwize V5000", product_id: "T020641", product_identification_helper: { cpe: "cpe:/a:ibm:storwize:v5000", }, }, }, { category: "product_name", name: "IBM Storwize", product: { name: "IBM Storwize", product_id: "T021621", product_identification_helper: { cpe: "cpe:/a:ibm:storwize:-", }, }, }, ], category: "product_name", name: "Storwize", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_version_range", name: "<7.21.0-alpha1", product: { name: "Open Source Camunda <7.21.0-alpha1", product_id: "T031061", }, }, { category: "product_version", name: "7.21.0-alpha1", product: { name: "Open Source Camunda 7.21.0-alpha1", product_id: "T031061-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.21.0-alpha1", }, }, }, { category: "product_version_range", name: "<7.20.1", product: { name: "Open Source Camunda <7.20.1", product_id: "T031062", }, }, { category: "product_version", name: "7.20.1", product: { name: "Open Source Camunda 7.20.1", product_id: "T031062-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.20.1", }, }, }, { category: "product_version_range", name: "<7.19.8", product: { name: "Open Source Camunda <7.19.8", product_id: "T031063", }, 
}, { category: "product_version", name: "7.19.8", product: { name: "Open Source Camunda 7.19.8", product_id: "T031063-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.19.8", }, }, }, { category: "product_version_range", name: "<7.18.12", product: { name: "Open Source Camunda <7.18.12", product_id: "T031064", }, }, { category: "product_version", name: "7.18.12", product: { name: "Open Source Camunda 7.18.12", product_id: "T031064-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.18.12", }, }, }, { category: "product_version_range", name: "RPA Bridge <1.1.10", product: { name: "Open Source Camunda RPA Bridge <1.1.10", product_id: "T031065", }, }, { category: "product_version", name: "RPA Bridge 1.1.10", product: { name: "Open Source Camunda RPA Bridge 1.1.10", product_id: "T031065-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:rpa_bridge__1.1.10", }, }, }, ], category: "product_name", name: "Camunda", }, { branches: [ { category: "product_version_range", name: "<24.2.0", product: { name: "Open Source Vaadin <24.2.0", product_id: "T030676", }, }, { category: "product_version", name: "24.2.0", product: { name: "Open Source Vaadin 24.2.0", product_id: "T030676-fixed", product_identification_helper: { cpe: "cpe:/a:vaadin:vaadin:24.2.0", }, }, }, ], category: "product_name", name: "Vaadin", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version", name: "1", product: { name: "Red Hat JBoss Core Services 1", product_id: 
"459970", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1.0", }, }, }, { category: "product_name", name: "Red Hat JBoss Core Services", product: { name: "Red Hat JBoss Core Services", product_id: "T012412", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:-", }, }, }, ], category: "product_name", name: "JBoss Core Services", }, { branches: [ { category: "product_version_range", name: "<5.7.7", product: { name: "Red Hat JBoss Web Server <5.7.7", product_id: "T031508", }, }, { category: "product_version", name: "5.7.7", product: { name: "Red Hat JBoss Web Server 5.7.7", product_id: "T031508-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.7.7", }, }, }, ], category: "product_name", name: "JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { branches: [ { category: "product_version", name: "v2 / Windows 10", product: { name: "Xerox FreeFlow Print Server v2 / Windows 10", product_id: "T031383", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v2__windows_10", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2023-42794", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Tomcat. Dieser Fehler besteht im internen Fork des Commons FileUpload-Pakets aufgrund einer unvollständigen Bereinigung. 
Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "67646", "T034902", "T012412", "T030426", "T030689", "T004914", "T020641", "T024663", "T005180", "398363", "T031508", "T025159", "T040213", "T023373", "T034139", "T032377", "T002782", "T032378", "T030676", "T031061", "T031063", "T037028", "T031062", "T031084", "T034294", "T031065", "T031064", "T031383", "T017562", "T022954", "T021621", "2951", "T002207", "T000126", "T030427", "459970", "1411051", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-42794", }, { cve: "CVE-2023-42795", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Tomcat. Dieser Fehler besteht aufgrund des Überspringens einiger Teile des Recycling-Prozesses durch den Dienst. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "67646", "T034902", "T012412", "T030426", "T030689", "T004914", "T020641", "T024663", "T005180", "398363", "T031508", "T025159", "T040213", "T023373", "T034139", "T032377", "T002782", "T032378", "T030676", "T031061", "T031063", "T037028", "T031062", "T031084", "T034294", "T031065", "T031064", "T031383", "T017562", "T022954", "T021621", "2951", "T002207", "T000126", "T030427", "459970", "1411051", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-42795", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Tomcat in der HTTP/2-Implementierung. Bei der Überprüfung von Stream-Limits werden abgebrochene Verbindungen nicht gezählt, obwohl der Worker-Prozess noch an der Anfrage arbeitet. 
Ein Angreifer kann dies für einen Denial-of-Service-Angriff ausnutzen, indem er zahlreiche Anfrageströme parallel öffnet und jeden einzelnen mit dem RST_STREAM-Frame des HTTP/2-Protokolls schnell abbricht, ohne auf Antworten zu warten. Diese Art von Angriff wird als \"HTTP/2 Rapid Reset\"-Angriff bezeichnet.", }, ], product_status: { known_affected: [ "67646", "T034902", "T012412", "T030426", "T030689", "T004914", "T020641", "T024663", "T005180", "398363", "T031508", "T025159", "T040213", "T023373", "T034139", "T032377", "T002782", "T032378", "T030676", "T031061", "T031063", "T037028", "T031062", "T031084", "T034294", "T031065", "T031064", "T031383", "T017562", "T022954", "T021621", "2951", "T002207", "T000126", "T030427", "459970", "1411051", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45648", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Tomcat. Dieser Fehler besteht in den HTTP-Trailer-Headern aufgrund einer unzureichenden Eingabevalidierung. Durch die Verwendung eines speziell gestalteten, ungültigen Trailer-Headers kann ein entfernter Angreifer diese Schwachstelle zur Umgehung von Sicherheitsmaßnahmen ausnutzen.", }, ], product_status: { known_affected: [ "67646", "T034902", "T012412", "T030426", "T030689", "T004914", "T020641", "T024663", "T005180", "398363", "T031508", "T025159", "T040213", "T023373", "T034139", "T032377", "T002782", "T032378", "T030676", "T031061", "T031063", "T037028", "T031062", "T031084", "T034294", "T031065", "T031064", "T031383", "T017562", "T022954", "T021621", "2951", "T002207", "T000126", "T030427", "459970", "1411051", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-45648", }, ], }