-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3250
    HP-UX Tomcat-based Servlet Engine, Multiple Remote Vulnerabilities
                             23 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tomcat
Publisher:         Hewlett-Packard
Operating System:  HP-UX
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Increased Privileges            -- Existing Account            
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13935 CVE-2020-1938 CVE-2020-1935
                   CVE-2019-17569 CVE-2019-17563 CVE-2019-12418
                   CVE-2019-0232 CVE-2019-0221 CVE-2018-11784
                   CVE-2018-8034 CVE-2018-8014 CVE-2018-1336
                   CVE-2018-1305 CVE-2018-1304 

Reference:         ESB-2020.2447
                   ESB-2020.2110
                   ESB-2020.2089
                   ESB-2020.1887

Original Bulletin: 
   https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04015en_us

- --------------------------BEGIN INCLUDED TEXT--------------------

SECURITY BULLETIN
Document ID: hpesbux04015en_us

Version: 2

HPESBUX04015 rev.2 - HP-UX Tomcat-based Servlet Engine, Multiple Remote 
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.

Release Date: 2020-08-28

Last Updated: 2020-09-21

Potential Security Impact: 
  Local: Access Restriction Bypass; 
  Remote: Access Restriction Bypass, Code Execution, Denial of Service (DoS),
          Gain Unauthorized Access, URL Redirection, Unauthorized Access to 
          Data, Unauthorized Access to Sensitive Information

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY
Security vulnerabilities in the HP-UX Tomcat-based Servlet Engine could be
exploited remotely to cause cache poisoning or to bypass a security constraint.

References:
CVE-2018-1305 - Tomcat-based Servlet Engine
CVE-2018-1304 - Tomcat-based Servlet Engine
CVE-2018-1336 - Tomcat-based Servlet Engine
CVE-2018-8014 - Tomcat-based Servlet Engine
CVE-2018-8034 - Tomcat-based Servlet Engine
CVE-2018-11784 - Tomcat-based Servlet Engine
CVE-2019-0232 - Tomcat-based Servlet Engine
CVE-2019-0221 - Tomcat-based Servlet Engine
CVE-2019-17563 - Tomcat-based Servlet Engine
CVE-2019-12418 - Tomcat-based Servlet Engine
CVE-2020-1935 - Tomcat-based Servlet Engine
CVE-2019-17569 - Tomcat-based Servlet Engine
CVE-2020-1938 - Tomcat-based Servlet Engine
CVE-2020-13935 - Tomcat-based Servlet Engine

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX Tomcat-based Servlet v.7.x Engine D.7.0.84.01 and earlier

BACKGROUND
HPE calculates CVSS using CVSS Version 3.1. If the score is provided from
NIST, we will display Version 2.0, 3.0, or 3.1 as provided from NVD.

Reference        Vector                                             Base Score

CVE-2018-11784   V3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)  4.3
                 V2 (AV:N/AC:M/Au:N/C:N/I:P/A:N)                    4.3

CVE-2018-1304    V3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)  5.9
                 V2 (AV:N/AC:M/Au:N/C:P/I:N/A:N)                    4.3

CVE-2018-1305    V3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)  6.5
                 V2 (AV:N/AC:L/Au:S/C:P/I:N/A:N)                    4

CVE-2018-1336    V3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)  7.5
                 V2 (AV:N/AC:L/Au:N/C:N/I:N/A:P)                    5

CVE-2018-8014    V3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)  9.8
                 V2 (AV:N/AC:L/Au:N/C:P/I:P/A:P)                    7.5

CVE-2018-8034    V3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)  7.5
                 V2 (AV:N/AC:L/Au:N/C:P/I:N/A:N)                    5

CVE-2019-0221    V3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)  6.1
                 V2 (AV:N/AC:M/Au:N/C:N/I:P/A:N)                    4.3

CVE-2019-0232    V3 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)  8.1
                 V2 (AV:N/AC:M/Au:N/C:C/I:C/A:C)                    9.3

CVE-2019-12418   V3 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)  7
                 V2 (AV:L/AC:M/Au:N/C:P/I:P/A:P)                    4.4

CVE-2019-17563   V3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)  7.5
                 V2 (AV:N/AC:H/Au:N/C:P/I:P/A:P)                    5.1

CVE-2019-17569   V3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)  4.8
                 V2 (AV:N/AC:M/Au:N/C:P/I:P/A:N)                    5.8

CVE-2020-13935   V3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)  7.5
                 V2 (AV:N/AC:L/Au:N/C:N/I:N/A:P)                    5

CVE-2020-1935    V3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)  4.8
                 V2 (AV:N/AC:M/Au:N/C:P/I:P/A:N)                    5.8

CVE-2020-1938    V3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)  9.8
                 V2 (AV:N/AC:L/Au:N/C:P/I:P/A:P)                    7.5

Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

RESOLUTION
HPE has provided the following software update to resolve the vulnerabilities
in HP-UX Apache Tomcat 7 Servlet Engine:

Tomcat 7.0.104.01 for HP-UX Release B.11.31 (IPF and PA-RISC)

  64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B509-11-31-64.depot
  32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B509-11-31-32.depot

Note: The depot file can be found here:
https://myenterpriselicense.hpe.com/cwp-ui/free-software/HPUXWSATW509

HISTORY
Version:1 (rev.1) - 28 August 2020 Initial release
Version:2 (rev.2) - 21 September 2020 Corrected version history

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----