-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3250
     HP-UX Tomcat-based Servlet Engine, Multiple Remote Vulnerabilities
                             23 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tomcat
Publisher:         Hewlett-Packard
Operating System:  HP-UX
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13935 CVE-2020-1938 CVE-2020-1935 CVE-2019-17569
                   CVE-2019-17563 CVE-2019-12418 CVE-2019-0232 CVE-2019-0221
                   CVE-2018-11784 CVE-2018-8034 CVE-2018-8014 CVE-2018-1336
                   CVE-2018-1305 CVE-2018-1304
Reference:         ESB-2020.2447
                   ESB-2020.2110
                   ESB-2020.2089
                   ESB-2020.1887

Original Bulletin:
   https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04015en_us

- --------------------------BEGIN INCLUDED TEXT--------------------

SECURITY BULLETIN

Document ID: hpesbux04015en_us
Version: 2

HPESBUX04015 rev.2 - HP-UX Tomcat-based Servlet Engine, Multiple Remote
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.

Release Date: 2020-08-28
Last Updated: 2020-09-21

Potential Security Impact: Local: Access Restriction Bypass; Remote: Access
Restriction Bypass, Code Execution, Denial of Service (DoS), Gain Unauthorized
Access, URL Redirection, Unauthorized Access to Data, Unauthorized Access to
Sensitive Information

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

Security vulnerabilities in the HP-UX Tomcat-based Servlet Engine could be
exploited remotely to create a Cache Poisoning or Security Constraint Bypass.

References:

  CVE-2018-1305  - Tomcat-based Servlet Engine
  CVE-2018-1304  - Tomcat-based Servlet Engine
  CVE-2018-1336  - Tomcat-based Servlet Engine
  CVE-2018-8014  - Tomcat-based Servlet Engine
  CVE-2018-8034  - Tomcat-based Servlet Engine
  CVE-2018-11784 - Tomcat-based Servlet Engine
  CVE-2019-0232  - Tomcat-based Servlet Engine
  CVE-2019-0221  - Tomcat-based Servlet Engine
  CVE-2019-17563 - Tomcat-based Servlet Engine
  CVE-2019-12418 - Tomcat-based Servlet Engine
  CVE-2020-1935  - Tomcat-based Servlet Engine
  CVE-2019-17569 - Tomcat-based Servlet Engine
  CVE-2020-1938  - Tomcat-based Servlet Engine
  CVE-2020-13935 - Tomcat-based Servlet Engine

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP-UX Tomcat-based Servlet v.7.x Engine D.7.0.84.01 and earlier

BACKGROUND

HPE calculates CVSS using CVSS Version 3.1. If the score is provided from NIST,
we will display Version 2.0, 3.0, or 3.1 as provided from NVD.

  Reference       V3 Vector                                      V3 Base  V2 Vector                      V2 Base
                                                                 Score                                   Score
  CVE-2018-11784  (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)   4.3    (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
  CVE-2018-1304   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)   5.9    (AV:N/AC:M/Au:N/C:P/I:N/A:N)     4.3
  CVE-2018-1305   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)   6.5    (AV:N/AC:L/Au:S/C:P/I:N/A:N)     4
  CVE-2018-1336   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)   7.5    (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5
  CVE-2018-8014   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)   9.8    (AV:N/AC:L/Au:N/C:P/I:P/A:P)     7.5
  CVE-2018-8034   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)   7.5    (AV:N/AC:L/Au:N/C:P/I:N/A:N)     5
  CVE-2019-0221   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)   6.1    (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
  CVE-2019-0232   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)   8.1    (AV:N/AC:M/Au:N/C:C/I:C/A:C)     9.3
  CVE-2019-12418  (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)   7      (AV:L/AC:M/Au:N/C:P/I:P/A:P)     4.4
  CVE-2019-17563  (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)   7.5    (AV:N/AC:H/Au:N/C:P/I:P/A:P)     5.1
  CVE-2019-17569  (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)   4.8    (AV:N/AC:M/Au:N/C:P/I:P/A:N)     5.8
  CVE-2020-13935  (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)   7.5    (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5
  CVE-2020-1935   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)   4.8    (AV:N/AC:M/Au:N/C:P/I:P/A:N)     5.8
  CVE-2020-1938   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)   9.8    (AV:N/AC:L/Au:N/C:P/I:P/A:P)     7.5

Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

RESOLUTION

HPE has provided the following software update to resolve the vulnerabilities
in HP-UX Apache Tomcat 7 Servlet Engine:

Tomcat 7.0.104.01 for HP-UX Release B.11.31 (IPF and PA-RISC)

  64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B509-11-31-64.depot
  32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B509-11-31-32.depot

Note: The depot file can be found here:
https://myenterpriselicense.hpe.com/cwp-ui/free-software/HPUXWSATW509

HISTORY

Version:1 (rev.1) - 28 August 2020    Initial release
Version:2 (rev.2) - 21 September 2020 Corrected version history

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX2rBfuNLKJtyKPYoAQiZ1RAAmR/UkUGZ0Guiop86a3S7J2gQ3ATMSwfL
cltzw0LnMXo4Zhxau2qs4DwFi5bG1p0PNdewnFNFbhEMtciq5A4ypoNTy3vcbBGk
nz7naRQYT8bzZFnVr7LgcnkCwtjOp4YfWSWRfBnBwnyszPQfvhZaXsBGPYOFsm4O
XNPO7Vcw4J1usZhjpycBpD7IhWA3eJRSq6OLjdkWSpt436mmrql6BPtczA5rNKAW
TdaDxsML6HSl488f+NMEXM8rZIW0YLwwRUDDTasfjoXQM9XAbK1IOVarSQFPKwVl
z75BNV3tqlETrsmw4wDmNVUNtfhk9I0r5gwHtc5T/rr3ln8eRXyFkZVgGiU80XtD
+g0uXvFAlGjLVB0ZOpxke69G4Lq7O06HFSTEEMpi0djn6n2qWetxo9Rv9frwVTRY
x7GAakAR/8T2Yp1xSRs7sQ498SHq7uLGvmCURevT16ylANmLl9qF6nGuoVQ6wOup
edbw+Ua6MpXQxWuIv9wap71QO4b93upWtgcNNx6T9xpd/jBXL2mpv1U1CdICOoKi
SWuhAcaSLH/QjoSEYZjIZ+ISRj9WChSaTxWeAfIz5EzGxRuI7Tdnq/ZF8Pa2+Rv/
snO0Ec48DevAZAribNogSB5AJhyNEXLXwcMiUmubxZRrIkNTtfZ+oKtsnWL5znOV
UiMkBUJQBWk=
=8u1j
-----END PGP SIGNATURE-----