Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Camel Templating injection

Summaryinfo

A vulnerability, which was classified as critical, has been found in Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17. Impacted is an unknown function of the component Camel Templating. Performing a manipulation results in injection. This vulnerability is reported as CVE-2020-11994. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 (Application Server Software). It has been classified as critical. This affects an unknown functionality of the component Camel Templating. The manipulation with an unknown input leads to a injection vulnerability. CWE is classifying the issue as CWE-74. The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

The weakness was disclosed 07/08/2020 (Website). It is possible to read the advisory at lists.apache.org. This vulnerability is uniquely identified as CVE-2020-11994 since 04/21/2020. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1055 according to MITRE ATT&CK.

Upgrading to version 7.0.76, 8.0.42, 8.5.12 or 9.0.0.M18 eliminates this vulnerability.

The entry VDB-113894 is pretty similar. Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Application Server Software

Vendor

• Apache

Name

• Tomcat

Version

• 7.0.0
• 7.0.1
• 7.0.2
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.7
• 7.0.8
• 7.0.9
• 7.0.10
• 7.0.11
• 7.0.12
• 7.0.13
• 7.0.14
• 7.0.15
• 7.0.16
• 7.0.17
• 7.0.18
• 7.0.19
• 7.0.20
• 7.0.21
• 7.0.22
• 7.0.23
• 7.0.24
• 7.0.25
• 7.0.26
• 7.0.27
• 7.0.28
• 7.0.29
• 7.0.30
• 7.0.31
• 7.0.32
• 7.0.33
• 7.0.34
• 7.0.35
• 7.0.36
• 7.0.37
• 7.0.38
• 7.0.39
• 7.0.40
• 7.0.41
• 7.0.42
• 7.0.43
• 7.0.44
• 7.0.45
• 7.0.46
• 7.0.47
• 7.0.48
• 7.0.49
• 7.0.50
• 7.0.51
• 7.0.52
• 7.0.53
• 7.0.54
• 7.0.55
• 7.0.56
• 7.0.57
• 7.0.58
• 7.0.59
• 7.0.60
• 7.0.61
• 7.0.62
• 7.0.63
• 7.0.64
• 7.0.65
• 7.0.66
• 7.0.67
• 7.0.68
• 7.0.69
• 7.0.70
• 7.0.71
• 7.0.72
• 7.0.73
• 7.0.74
• 7.0.75
• 8.0.0
• 8.0.1
• 8.0.2
• 8.0.3
• 8.0.4
• 8.0.5
• 8.0.6
• 8.0.7
• 8.0.8
• 8.0.9
• 8.0.10
• 8.0.11
• 8.0.12
• 8.0.13
• 8.0.14
• 8.0.15
• 8.0.16
• 8.0.17
• 8.0.18
• 8.0.19
• 8.0.20
• 8.0.21
• 8.0.22
• 8.0.23
• 8.0.24
• 8.0.25
• 8.0.26
• 8.0.27
• 8.0.28
• 8.0.29
• 8.0.30
• 8.0.31
• 8.0.32
• 8.0.33
• 8.0.34
• 8.0.35
• 8.0.36
• 8.0.37
• 8.0.38
• 8.0.39
• 8.0.40
• 8.0.41
• 8.5.0
• 8.5.1
• 8.5.2
• 8.5.3
• 8.5.4
• 8.5.5
• 8.5.6
• 8.5.7
• 8.5.8
• 8.5.9
• 8.5.10
• 8.5.11
• 9.0.0.M17

License

• open-source

Website

• Vendor: https://www.apache.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion