Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Workaround / mitigation for CVE2011-3190

Posted on 2014-10-28
11
Medium Priority
?
176 Views
Last Modified: 2014-11-04
Both network & endpoint IPS vendors told us they don't have a signature
for this Tomcat CVE2011-3190  yet : been a while.

a) is there any workaround from the OS vendor (Redhat & MS) to
    mitigate this?

b) any other mitigation other than shutting down the Tomcat?
0
Comment
Question by:sunhux
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 9

Assisted Solution

by:Ashok Dewan
Ashok Dewan earned 600 total points
ID: 40408043
Hi,
You haven't mentioned the version which being is used now. But, there are certain versions which are affected by above vulnerability. So, you can use latest version i.e. 7.0.55 , 7.0.56 are not affected.

List of versions which are affected
http://www.cvedetails.com/cve/CVE-2011-3190/
Best to update
0
 

Author Comment

by:sunhux
ID: 40408072
We can certainly upgrade this high risk "Apache Tomcat: AJP Message Injection Authentication Bypass" vulnerability  to version 6.0.40, 7.0.54, 8.0.6 or later of Apache Tomcat but this is going to take a while & not preferred as it will take
some amount of testing
0
 

Author Comment

by:sunhux
ID: 40408074
OUr current version is 5.5.27 ;  will updating to 5.5.34 post a low
risk of breaking the apps & is Ver 5.5.34 break anything or the app?
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 

Author Comment

by:sunhux
ID: 40408080
Slight typo:

will updating to Ver 5.5.34 pose no or low risk of breaking the apps &
where can I download Ver 5.5.34 if it's still available somewhere (hope
it's not been removed) ?
0
 

Author Comment

by:sunhux
ID: 40408099
In our case, it's running on RHEL 5.x VMs
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 40411603
Here is http://olex.openlogic.com/packages/tomcat/5.5.34
I believe you might have checked this site already. right ?
0
 

Author Comment

by:sunhux
ID: 40412854
Not yet, thanks.

Last question:
small update to 5.5.34 is less risky than a major jump to Ver 7.x ?
0
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 40416887
Watching the Red Hat, consider the mitigation instead of shutting down. The severity is still moderate / medium but still need to be patched esp since it is such old vul. https://bugzilla.redhat.com/show_bug.cgi?id=734868

Users of affected versions should apply one of the following mitigation:
- Apply the appropriate patch
  - 7.0.x http://svn.apache.org/viewvc?rev=1162958&view=rev
  - 6.0.x http://svn.apache.org/viewvc?rev=1162959&view=rev
  - 5.5.x http://svn.apache.org/viewvc?rev=1162960&view=rev
- Configure the reverse proxy and Tomcat's AJP connector(s) to use the requiredSecret attribute
e.g. tomcat5/6 -   (It is "request.secret" attribute in AJP <Connector>,
   "worker.workername.secret" directive for mod_jk. The mod_proxy_ajp module
   currently does not support shared secrets).

- Use the org.apache.jk.server.JkCoyoteHandler AJP connector (not available for Tomcat 7.0.x)
e.g. (It is automatically selected if you do not have Tomcat-Native library
   installed. It can be also selected explicitly: <Connector
   protocol="org.apache.jk.server.JkCoyoteHandler">).

http://mail-archives.apache.org/mod_mbox/www-announce/201108.mbox/%3C4E5BEDE0.8010604@apache.org%3E

Listed are advisory available in list for this CVE http://packetstormsecurity.com/files/cve/CVE-2011-3190
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 400 total points
ID: 40417312
There is about 50+ serious secuirty holes in Tomcar 5.5 alone, not counting that it does not run on Java 7 or 8
So you have to migrate (actually had to years ago)
0
 
LVL 65

Expert Comment

by:btan
ID: 40417740
agreed as well, the CVE is old and do not let low hanging exist esp for internet facing appl systems. do a collective review of the patches required and get the testing in staging env going
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question