{"id":"USN-3024-1","summary":"tomcat6, tomcat7 vulnerabilities","details":"It was discovered that Tomcat incorrectly handled pathnames used by web\napplications in a getResource, getResourceAsStream, or getResourcePaths\ncall. A remote attacker could use this issue to possibly list a parent\ndirectory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2015-5174)\n\nIt was discovered that the Tomcat mapper component incorrectly handled\nredirects. A remote attacker could use this issue to determine the\nexistence of a directory. This issue only affected Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345)\n\nIt was discovered that Tomcat incorrectly handled different session\nsettings when multiple versions of the same web application were deployed. A\nremote attacker could possibly use this issue to hijack web sessions. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346)\n\nIt was discovered that the Tomcat Manager and Host Manager applications\nincorrectly handled new requests. A remote attacker could possibly use this\nissue to bypass CSRF protection mechanisms. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)\n\nIt was discovered that Tomcat did not place StatusManagerServlet on the\nRestrictedServlets list. A remote attacker could possibly use this issue to\nread arbitrary HTTP requests, including session ID values. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10.\n(CVE-2016-0706)\n\nIt was discovered that the Tomcat session-persistence implementation\nincorrectly handled session attributes. A remote attacker could possibly\nuse this issue to execute arbitrary code in a privileged context. This\nissue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10.\n(CVE-2016-0714)\n\nIt was discovered that the Tomcat setGlobalContext method incorrectly\nchecked if callers were authorized. A remote attacker could possibly use\nthis issue to read or write to arbitrary application data, or cause a denial\nof service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-0763)\n\nIt was discovered that the Tomcat Fileupload library incorrectly handled\ncertain upload requests. A remote attacker could possibly use this issue to\ncause a denial of service. (CVE-2016-3092)\n","modified":"2026-02-10T04:41:01Z","published":"2016-07-05T16:55:53Z","related":["UBUNTU-CVE-2015-5174","UBUNTU-CVE-2015-5345","UBUNTU-CVE-2015-5346","UBUNTU-CVE-2015-5351","UBUNTU-CVE-2016-0706","UBUNTU-CVE-2016-0714","UBUNTU-CVE-2016-0763","UBUNTU-CVE-2016-3092"],"upstream":["CVE-2015-5174","CVE-2015-5345","CVE-2015-5346","CVE-2015-5351","CVE-2016-0706","CVE-2016-0714","CVE-2016-0763","CVE-2016-3092","UBUNTU-CVE-2015-5174","UBUNTU-CVE-2015-5345","UBUNTU-CVE-2015-5346","UBUNTU-CVE-2015-5351","UBUNTU-CVE-2016-0706","UBUNTU-CVE-2016-0714","UBUNTU-CVE-2016-0763","UBUNTU-CVE-2016-3092"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3024-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5174"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5345"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5346"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5351"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-0706"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-0714"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-0763"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-3092"}],"affected":[{"package":{"name":"tomcat7","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.6?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.52-1ubuntu0.6"}]}],"versions":["7.0.42-1","7.0.47-1","7.0.50-1","7.0.52-1","7.0.52-1ubuntu0.1","7.0.52-1ubuntu0.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libservlet3.0-java","binary_version":"7.0.52-1ubuntu0.6"},{"binary_name":"libtomcat7-java","binary_version":"7.0.52-1ubuntu0.6"},{"binary_name":"tomcat7","binary_version":"7.0.52-1ubuntu0.6"},{"binary_name":"tomcat7-admin","binary_version":"7.0.52-1ubuntu0.6"},{"binary_name":"tomcat7-common","binary_version":"7.0.52-1ubuntu0.6"},{"binary_name":"tomcat7-docs","binary_version":"7.0.52-1ubuntu0.6"},{"binary_name":"tomcat7-examples","binary_version":"7.0.52-1ubuntu0.6"},{"binary_name":"tomcat7-user","binary_version":"7.0.52-1ubuntu0.6"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2015-5174","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2015-5345","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2015-5346","severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2015-5351","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-0706","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-0714","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-0763","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-3092","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3024-1.json"}},{"package":{"name":"tomcat7","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.68-1ubuntu0.1"}]}],"versions":["7.0.64-1","7.0.68-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libservlet3.0-java","binary_version":"7.0.68-1ubuntu0.1"},{"binary_name":"libtomcat7-java","binary_version":"7.0.68-1ubuntu0.1"},{"binary_name":"tomcat7","binary_version":"7.0.68-1ubuntu0.1"},{"binary_name":"tomcat7-admin","binary_version":"7.0.68-1ubuntu0.1"},{"binary_name":"tomcat7-common","binary_version":"7.0.68-1ubuntu0.1"},{"binary_name":"tomcat7-docs","binary_version":"7.0.68-1ubuntu0.1"},{"binary_name":"tomcat7-examples","binary_version":"7.0.68-1ubuntu0.1"},{"binary_name":"tomcat7-user","binary_version":"7.0.68-1ubuntu0.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2016-3092","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3024-1.json"}}],"schema_version":"1.7.3"}