• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

The version of Tomcat installed on the remote host is prior to 9.0.71.

New Here ,
May 18, 2023 May 18, 2023

Copy link to clipboard

Copied

The version of Tomcat installed on the remote host is prior to 9.0.71. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.71_security-9 advisory.

- Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
(CVE-2023-24998)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

 

How does one remediate the above?

Views

208

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 19, 2023 May 19, 2023

Copy link to clipboard

Copied

One must wait for Adobe to release an update to cf that embeds the updated tomcat.

 

You don't say what cf version you're on. If cf2021 we can expect such an update--but no telling when. They've gone over a year between applying needed tomcat updates. If you're on cf2018, such an update would need to come out before July, when its support/updates end. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 19, 2023 May 19, 2023

Copy link to clipboard

Copied

So I went ahead and blocked port 8500 on the local firewall of the device both inbound and outbound. This remediated the issue. I told the users to use server to access the CF admin page. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 19, 2023 May 19, 2023

Copy link to clipboard

Copied

LATEST

Use the server? You mean access that 8500 port only from the server itself? Well, sure. Locking that down to be accessed only from the server itself is an option. But the port would have been blocked by most any firewall by default, since it's a non-standard port, at least from outside the network. 

 

If you're saying the security scan doesn't run from the server but is within the network, that will stop it detecting the vulnerability. It's still there, but "less" exposed. By the same token, it was almost certainly not exposed outside the network. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation