In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. This vulnerability was patched on Eclipse BIRT 4.13. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. If the host indicated in the _report parameter matched the HTTP Host header value, the report would be retrieved. In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks. Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability.
0 kommentar(er)
