Vulnerability Name: CVE-2018-1323 (CCN-140213)

Assigned: 2017-12-07
Published: 2018-03-12
Updated: 2019-04-15
Summary: The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.
CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): None
CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): None
  Availability (A): None
Vulnerability Type: CWE-200, CWE-22
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2018-1323

Source: CCN
Type: Apache Web site
Tomcat JK ISAPI Connector

Source: CCN
Type: IBM Security Bulletin T1027633 (Spectrum Symphony)
Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304)

Source: CCN
Type: IBM Security Bulletin 2011364 (OpenPages GRC Platform)
IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.

Source: BID
Type: Third Party Advisory, VDB Entry
103389

Source: CCN
Type: BID-103389
Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:1843

Source: XF
Type: UNKNOWN
apache-tomcat-cve20181323-info-disc(140213)

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Source: MISC
Type: Mitigation, Vendor Advisory
https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:* (Version >= 1.2.0 and <= 1.2.42)

* Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20181323 | V | CVE-2018-1323 | 2022-09-02 |
| oval:org.opensuse.security:def:3467 | P | cvs-1.12.12-182.3.1 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:95097 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:974 | P | Security update for openssl-1_1 (Important) | 2022-03-16 |
| oval:org.opensuse.security:def:111955 | P | apache2-mod_jk-1.2.48-2.9 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:1496 | P | Security update for speex (Moderate) | 2021-12-01 |
| oval:org.opensuse.security:def:64615 | P | Security update for the Linux Kernel (Important) | 2021-11-19 |
| oval:org.opensuse.security:def:94194 | P | (Moderate) | 2021-10-27 |
| oval:org.opensuse.security:def:105519 | P | apache2-mod_jk-1.2.48-2.9 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:71402 | P | syslog-service-2.0-2.23 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:63194 | P | apache2-mod_jk-1.2.43-3.3.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:103684 | P | apache2-mod_jk-1.2.43-3.3.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:96994 | P | apache2-mod_jk-1.2.43-3.3.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:71289 | P | libopenjp2-7-2.3.0-1.25 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:90029 | P | apache2-mod_jk-1.2.43-3.3.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:2105 | P | apache2-mod_jk-1.2.43-3.3.1 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:68049 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP1) (Important) | 2021-09-16 |
| oval:org.opensuse.security:def:1549 | P | Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate) | 2021-08-23 |
| oval:org.opensuse.security:def:1027 | P | Security update for openexr (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:48249 | P | openssh-7.2p2-74.45.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47824 | P | mailman-2.1.17-1.18 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47548 | P | alsa-1.0.27.2-15.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48048 | P | jakarta-commons-fileupload-1.1.1-122.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47563 | P | avahi-0.6.32-30.36 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47877 | P | rpm-32bit-4.11.2-16.16.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47496 | P | rtkit-0.11_git201205151338-8.14 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48101 | P | libcdio14-0.90-6.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47631 | P | grub2-2.02-11.8 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47956 | P | audiofile-0.3.6-11.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47549 | P | ant-1.9.4-3.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48196 | P | libspice-client-glib-2_0-8-0.33-3.6.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47684 | P | libXt6-1.1.4-3.57 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47495 | P | rsyslog-8.24.0-1.20 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48009 | P | freeradius-server-3.0.19-1.48 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47510 | P | syslog-service-2.0-778.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:2228 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:63317 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2021-08-10 |
| oval:org.opensuse.security:def:100907 | P | libekmfweb1-2.15.1-6.7 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:66863 | P | Security update for systemd (Moderate) | 2021-07-20 |
| oval:org.opensuse.security:def:48723 | P | gnome-online-accounts-3.10.5-1.11 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48547 | P | libsmi-0.4.8-18.55 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48674 | P | gimp-2.8.10-1.164 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48410 | P | elfutils-0.158-6.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48776 | P | gnome-shell-calendar-3.20.4-70.4 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48556 | P | libtag1-1.9.1-1.218 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48652 | P | xlockmore-5.43-5.30 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48463 | P | libXRes1-1.0.7-3.53 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48609 | P | python-pywbem-0.7.0-4.3 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48705 | P | rhythmbox-3.0.2-1.92 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48494 | P | libgc1-7.2d-3.75 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48621 | P | sblim-sfcb-1.4.8-8.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:64702 | P | Security update for dhcp (Important) | 2021-06-02 |
| oval:org.opensuse.security:def:1607 | P | Security update for nginx (Important) | 2021-05-31 |
| oval:org.opensuse.security:def:66771 | P | Security update for java-11-openjdk (Important) | 2021-05-11 |
| oval:org.opensuse.security:def:70219 | P | Security update for dnsmasq (Important) | 2021-01-19 |
| oval:org.opensuse.security:def:2163 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63252 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:107573 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:117131 | P | apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:2052 | P | apache2-mod_jk-1.2.43-1.36 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:63141 | P | apache2-mod_jk-1.2.43-1.36 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:49883 | P | pam-modules on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:50048 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:73554 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49936 | P | apache2-mod_apparmor on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:67949 | P | perl-Tk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49937 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49994 | P | bind on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:70114 | P | librsvg-devel on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49990 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:73436 | P | libmodplug-devel on GA media (Moderate) | 2020-12-01 |
| oval:com.ubuntu.artful:def:20181323000 | V | CVE-2018-1323 on Ubuntu 17.10 (artful) - medium. | 2018-03-12 |
| oval:com.ubuntu.xenial:def:20181323000 | V | CVE-2018-1323 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-03-12 |
| oval:com.ubuntu.xenial:def:201813230000000 | V | CVE-2018-1323 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-03-12 |