Vulnerability CVE-2013-4444 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4444 (CCN-95876)

Assigned:

2013-06-12

Published:

2014-09-10

Updated:

2021-01-07

Summary:

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

CVSS v3 Severity:

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.0 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: BUGTRAQ
Type: UNKNOWN
20140910 CVE-2013-4444 Remote Code Execution in Apache Tomcat

Source: CCN
Type: BugTraq Mailing List, Wed Sep 10 2014 - 09:00:24 CDT
CVE-2013-4444 Remote Code Execution in Apache Tomcat

Source: MITRE
Type: CNA
CVE-2013-4444

Source: HP
Type: UNKNOWN
HPSBOV03503

Source: MLIST
Type: UNKNOWN
[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185

Source: FULLDISC
Type: UNKNOWN
20210106 Re: [SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat

Source: CCN
Type: Apache Web Site
Apache Tomcat

Source: CONFIRM
Type: Patch
http://tomcat.apache.org/security-7.html

Source: DEBIAN
Type: UNKNOWN
DSA-3447

Source: CCN
Type: IBM Security Bulletin N1020714
Vulnerabilities in Tomcat affect Power Hardware Management Console (CVE-2013-4444, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227)

Source: CCN
Type: IBM Security Bulletin 1687262
Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4444)

Source: CCN
Type: IBM Security Bulletin 1687761
IBM Algo One is affected by multiple Open Source Tomcat security vulnerabilities (CVE-2013-4444, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1689396
Security vulnerability about Apache Tomcat JSP file upload in WebSphere Application Server Community Edition 3.0.0.4

Source: CCN
Type: IBM Security Bulletin 1693651
Vulnerabilities in Sametime Unified Telephony (OpenSSL: CVE-2014-3508 to CVE-2014-3512, CVE-2014-5139. Apache Tomcat: CVE-2014-0099, CVE-2014-0119, CVE-2013-4444)

Source: CCN
Type: IBM Security Bulletin 1959291
Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2014-0227)

Source: CCN
Type: IBM Security Bulletin 1959294
Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2014-0230)

Source: CCN
Type: IBM Security Bulletin 1959298
Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server uses an insecure hashing scheme for handling user passwords (CVE-2015-1913)

Source: CCN
Type: IBM Security Bulletin 1960149
Rational Build Forge affected by Apache Tomcat vulnerability (CVE-2014-0227)

Source: CCN
Type: IBM Security Bulletin 1961729
ulnerability in Diffie-Hellman key exchange protocol affects Rational Integration Tester component in Rational Test Workbench, and Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server

Source: CCN
Type: IBM Security Bulletin 1976103
Multiple Security Vulnerabilities in Apache Tomcat affect IBM RLKS Administration and Reporting Tool

Source: CCN
Type: Oracle CPUOct2016
Oracle Critical Patch Update Advisory - October 2016

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: BID
Type: UNKNOWN
69728

Source: CCN
Type: BID-69728
Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability

Source: SECTRACK
Type: UNKNOWN
1030834

Source: CCN
Type: Red Hat Bugzilla Bug 1140314
(CVE-2013-4444) CVE-2013-4444 tomcat: remote code execution via uploaded JSP

Source: XF
Type: UNKNOWN
apache-tomcat-cve20134444-file-upload(95876)

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

Source: CCN
Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator)
Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6858013 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4444

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version <= 7.0.39)

OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

AND

cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.0.4:-:community:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:7.1.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.6.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.7.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.6.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.7.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_license_key_server:8.1.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.precise:def:20134444000	V	CVE-2013-4444 on Ubuntu 12.04 LTS (precise) - medium.	2014-09-11
oval:com.ubuntu.trusty:def:20134444000	V	CVE-2013-4444 on Ubuntu 14.04 LTS (trusty) - medium.	2014-09-11
oval:com.ubuntu.xenial:def:20134444000	V	CVE-2013-4444 on Ubuntu 16.04 LTS (xenial) - medium.	2014-09-11
oval:com.ubuntu.xenial:def:201344440000000	V	CVE-2013-4444 on Ubuntu 16.04 LTS (xenial) - medium.	2014-09-11