Access Restriction Bypass

Affecting org.apache.tomcat:tomcat-catalina artifact, versions [7.0.0,7.0.85) || [8.0.0.RC1,8.0.50) || [8.5.0,8.5.28) || [9.0.0.M1,9.0.5)


Overview

org.apache.tomcat:tomcat-catalina provides the Tomcat Servlet Engine core classes and standard implementations.

Affected versions of this package are vulnerable to Access Restriction Bypass. The URL pattern of "" (the empty string), which maps exactly to the context root, was not correctly handled, which caused the security constraint to be ignored. It was therefore possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

Remediation

Upgrade org.apache.tomcat:tomcat-catalina to version 7.0.85, 8.0.50, 8.5.28, 9.0.5 or higher.
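As an added check that is not part of the advisory or of Tomcat itself (the function names and the sample web.xml are constructed for this example), the script below flags web.xml security constraints that depend on the empty-string URL pattern and compares a Tomcat version against the fixed releases listed above:

```python
# Added example, not from the advisory or Tomcat: flag web.xml constraints
# that rely on the empty-string URL pattern and check a Tomcat version
# against the fixed versions the advisory lists.
import xml.etree.ElementTree as ET

# Fixed version per release branch, from the advisory's remediation section.
FIXED = {(7, 0): (7, 0, 85), (8, 0): (8, 0, 50), (8, 5): (8, 5, 28), (9, 0): (9, 0, 5)}

def parse_version(v):
    # 'major.minor.patch[.qualifier]' -> sortable tuple. A qualifier such as
    # RC1 or M1 is treated as a pre-release, sorting below the final build
    # with the same number (an assumption of this check).
    parts = v.split(".")
    major, minor, patch = (int(p) for p in parts[:3])
    return (major, minor, patch, 0 if len(parts) > 3 else 1)

def is_affected(tomcat_version):
    # True when the version falls inside one of the advisory's affected ranges.
    ver = parse_version(tomcat_version)
    fixed = FIXED.get(ver[:2])
    return fixed is not None and ver < (*fixed, 1)

def empty_pattern_constraints(web_xml):
    # Names of <security-constraint> elements whose <url-pattern> is "",
    # i.e. constraints that protected only the context root.
    root = ET.fromstring(web_xml)
    for el in root.iter():              # drop namespaces, any Servlet spec version
        el.tag = el.tag.split("}")[-1]
    hits = []
    for sc in root.iter("security-constraint"):
        if "" in [(p.text or "").strip() for p in sc.iter("url-pattern")]:
            hits.append(sc.findtext(".//web-resource-name") or "<unnamed>")
    return hits

# Constructed sample web.xml: one constraint on "" and one on /admin/*.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection><web-resource-name>Context root</web-resource-name>
      <url-pattern></url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>Admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
```

Constraints reported by `empty_pattern_constraints` on an affected Tomcat version are the ones whose protection was silently dropped; the upgrade restores them without any web.xml change.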

CVSS Score

5.9 (medium severity)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit: Unknown
CVE: CVE-2018-1304
CWE: CWE-284
Snyk ID: SNYK-JAVA-ORGAPACHETOMCAT-32115
Disclosed: 23 Feb, 2018
Published: 05 Mar, 2018