J-Security Center

Title: Multiple Java Runtime Implementations UTF-8 Input Validation Vulnerability

Severity: HIGH

Description:

Multiple Java runtime implementations are prone to a directory-traversal vulnerability because their UTF-8 decoders accept malformed (overlong) byte sequences instead of rejecting them, so user-supplied input is not sufficiently sanitized before it reaches path handling code.

The problem lies in the UTF-8 charset implementation behind 'java.nio.charset.CharsetDecoder'. Specifically, the CodingErrorAction configured through 'onMalformedInput()' is not applied when overlong UTF-8 sequences are encountered: such sequences are decoded to the character they represent rather than being reported as malformed input, even when the decoder has been told to REPORT malformed input.
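To check whether a particular runtime honours the configured CodingErrorAction for overlong sequences, the added example below (it is not code from the advisory or from any vendor) decodes a constructed byte sequence, 0xC0 0xAE 0xC0 0xAE 0x2F, which is an overlong two-byte encoding of "." repeated twice followed by "/", in other words "../" written so that a naive filter looking for the ASCII bytes 0x2E 0x2E does not match. A conforming decoder configured with REPORT throws MalformedInputException; an affected one returns the string "../". The class name, the sample bytes and the byte-level pre-filter are this example's own assumptions, not part of the advisory.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;

public class OverlongUtf8Check {

    // Constructed sample (not from the advisory): 0xC0 0xAE is an overlong
    // two-byte form of U+002E ('.'). Because '.' fits in one byte, a strict
    // UTF-8 decoder must reject it. The full sequence spells "../".
    static final byte[] OVERLONG_DOTDOT_SLASH = {
        (byte) 0xC0, (byte) 0xAE, (byte) 0xC0, (byte) 0xAE, (byte) 0x2F
    };

    // Strict decode: REPORT is the action the advisory says is ignored
    // for overlong input on affected runtimes.
    static String strictDecode(byte[] input) throws CharacterCodingException {
        CharsetDecoder dec = Charset.forName("UTF-8").newDecoder()
            .onMalformedInput(CodingErrorAction.REPORT)
            .onUnmappableCharacter(CodingErrorAction.REPORT);
        return dec.decode(ByteBuffer.wrap(input)).toString();
    }

    // True when this runtime's decoder correctly rejects the overlong form.
    static boolean runtimeRejectsOverlong() {
        try {
            String s = strictDecode(OVERLONG_DOTDOT_SLASH);
            // A correct decoder never reaches this line.
            System.out.println("decoder accepted overlong input as: " + s);
            return false;
        } catch (CharacterCodingException e) {
            return true;
        }
    }

    // Defence that does not depend on the runtime: inspect the raw bytes
    // (after percent-decoding, before charset decoding) for overlong forms.
    // Lead bytes 0xC0/0xC1 are always overlong; 0xE0 followed by a byte below
    // 0xA0 and 0xF0 followed by a byte below 0x90 are overlong as well.
    static boolean containsOverlong(byte[] b) {
        int i = 0;
        while (i < b.length) {
            int c = b[i] & 0xFF;
            if (c < 0x80) { i++; continue; }                 // ASCII
            if (c == 0xC0 || c == 0xC1) return true;          // always overlong
            if ((c & 0xE0) == 0xC0) { i += 2; continue; }     // 2-byte form
            if ((c & 0xF0) == 0xE0) {                         // 3-byte form
                if (c == 0xE0 && i + 1 < b.length && (b[i + 1] & 0xFF) < 0xA0) return true;
                i += 3; continue;
            }
            if ((c & 0xF8) == 0xF0) {                         // 4-byte form
                if (c == 0xF0 && i + 1 < b.length && (b[i + 1] & 0xFF) < 0x90) return true;
                i += 4; continue;
            }
            i++; // stray continuation or invalid lead byte: malformed, but not overlong
        }
        return false;
    }

    public static void main(String[] args) {
        System.out.println("runtime rejects overlong UTF-8: " + runtimeRejectsOverlong());
        System.out.println("byte-level filter flags sample:  " + containsOverlong(OVERLONG_DOTDOT_SLASH));
    }
}
```

Run it with the JRE under test on the classpath; a patched runtime prints "true" for the first line. The byte-level pre-filter is the check to apply in application code that cannot rely on the runtime being fixed, because it runs on the bytes the request actually carried rather than on the decoder's interpretation of them.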

For Apache Tomcat, successful exploitation requires 'allowLinking' to be enabled and 'URIEncoding' to be set to 'UTF-8' in 'server.xml' or 'context.xml'. The issue also applies when 'useBodyEncodingForURI' is set to 'true' and requests with UTF-8 body encoding are processed. A successful exploit results in the disclosure of potentially sensitive files.
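As an added illustration (these fragments are not from the advisory or from the Tomcat project), the 'server.xml' snippets below show the exposed combination described above next to its reduced-exposure counterpart. Attribute names follow Tomcat 5.5/6.0; the port, path and docBase values are placeholders.

```xml
<!-- Exposed: both preconditions from the advisory are present -->
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8" />
<Context path="/app" docBase="app" allowLinking="true" />

<!-- Reduced exposure: allowLinking off (the default) and body encoding not
     applied to the URI, so a UTF-8 request body cannot select UTF-8 URI decoding -->
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8" useBodyEncodingForURI="false" />
<Context path="/app" docBase="app" allowLinking="false" />
```

Turning 'allowLinking' off removes the Tomcat-specific precondition only; the overlong-sequence behaviour of the runtime's decoder is unchanged and still needs the runtime update.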

Exploitability in other applications depends on how the individual application uses the decoded input. Successful exploits may result in a bypass of intended security filters, with impacts that vary by application. We will update this BID pending further investigation.

UPDATE (December 18, 2008): Reports indicate that this issue may affect additional, unspecified Java Virtual Machine (JVM) implementations distributed by Sun, HP, IBM, Apple, and Apache. We will update this BID as more information becomes available.

UPDATE (January 9, 2009): This BID previously documented an issue in Apache Tomcat. Further reports indicate that the underlying issue is in various Java runtime implementations.

Affected Products:

  • Apache Software Foundation Harmony 5.0 M7
  • Apache Software Foundation Harmony 5.0 M8
  • Apache Software Foundation Tomcat 4.1.0
  • Apache Software Foundation Tomcat 4.1.10
  • Apache Software Foundation Tomcat 4.1.12
  • Apache Software Foundation Tomcat 4.1.24
  • Apache Software Foundation Tomcat 4.1.28
  • Apache Software Foundation Tomcat 4.1.29
  • Apache Software Foundation Tomcat 4.1.3
  • Apache Software Foundation Tomcat 4.1.3 beta
  • Apache Software Foundation Tomcat 4.1.30
  • Apache Software Foundation Tomcat 4.1.31
  • Apache Software Foundation Tomcat 4.1.32
  • Apache Software Foundation Tomcat 4.1.34
  • Apache Software Foundation Tomcat 4.1.36
  • Apache Software Foundation Tomcat 4.1.37
  • Apache Software Foundation Tomcat 4.1.9 beta
  • Apache Software Foundation Tomcat 5.5.0
  • Apache Software Foundation Tomcat 5.5.1
  • Apache Software Foundation Tomcat 5.5.10
  • Apache Software Foundation Tomcat 5.5.11
  • Apache Software Foundation Tomcat 5.5.12
  • Apache Software Foundation Tomcat 5.5.13
  • Apache Software Foundation Tomcat 5.5.14
  • Apache Software Foundation Tomcat 5.5.15
  • Apache Software Foundation Tomcat 5.5.16
  • Apache Software Foundation Tomcat 5.5.17
  • Apache Software Foundation Tomcat 5.5.18
  • Apache Software Foundation Tomcat 5.5.19
  • Apache Software Foundation Tomcat 5.5.2
  • Apache Software Foundation Tomcat 5.5.20
  • Apache Software Foundation Tomcat 5.5.21
  • Apache Software Foundation Tomcat 5.5.22
  • Apache Software Foundation Tomcat 5.5.23
  • Apache Software Foundation Tomcat 5.5.24
  • Apache Software Foundation Tomcat 5.5.25
  • Apache Software Foundation Tomcat 5.5.26
  • Apache Software Foundation Tomcat 5.5.3
  • Apache Software Foundation Tomcat 5.5.4
  • Apache Software Foundation Tomcat 5.5.5
  • Apache Software Foundation Tomcat 5.5.6
  • Apache Software Foundation Tomcat 5.5.7
  • Apache Software Foundation Tomcat 5.5.8
  • Apache Software Foundation Tomcat 5.5.9
  • Apache Software Foundation Tomcat 6.0.0
  • Apache Software Foundation Tomcat 6.0.1
  • Apache Software Foundation Tomcat 6.0.10
  • Apache Software Foundation Tomcat 6.0.11
  • Apache Software Foundation Tomcat 6.0.12
  • Apache Software Foundation Tomcat 6.0.13
  • Apache Software Foundation Tomcat 6.0.14
  • Apache Software Foundation Tomcat 6.0.15
  • Apache Software Foundation Tomcat 6.0.16
  • Apache Software Foundation Tomcat 6.0.2
  • Apache Software Foundation Tomcat 6.0.3
  • Apache Software Foundation Tomcat 6.0.4
  • Apache Software Foundation Tomcat 6.0.5
  • Apache Software Foundation Tomcat 6.0.6
  • Apache Software Foundation Tomcat 6.0.7
  • Apache Software Foundation Tomcat 6.0.8
  • Apache Software Foundation Tomcat 6.0.9
  • Apple Mac OS X Server 10.5.5
  • Avaya AES 3.0
  • Avaya AES 3.1
  • Avaya AES 3.1.3
  • Avaya AES 3.1.4
  • Avaya AES 3.1.5
  • Avaya AES 3.1.6
  • Avaya AES 4.0
  • Avaya AES 4.0.1
  • Avaya AES 4.1
  • Avaya AES 4.2
  • Avaya AES 4.2.1
  • Avaya Meeting Exchange - Enterprise Edition
  • Avaya Meeting Exchange 5.0
  • Avaya Meeting Exchange 5.0.0.0.52
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0_rc1
  • Gentoo Linux 1.4.0_rc2
  • Gentoo Linux 1.4.0_rc3
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • MandrakeSoft Linux Mandrake 2008.0
  • MandrakeSoft Linux Mandrake 2008.0 x86_64
  • MandrakeSoft Linux Mandrake 2008.1
  • MandrakeSoft Linux Mandrake 2008.1 x86_64
  • OpenJDK java 1.6.0
  • Opera Software Opera Web Browser 7.54.0
  • Oracle Oracle10g Application Server 10.1.3.1.0
  • RedHat Application Server AS4 2
  • RedHat Application Server ES4 2
  • RedHat Application Server WS4 2
  • RedHat Developer Suite AS4 3
  • RedHat Enterprise Linux 5 server
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux Desktop Workstation 5 client
  • RedHat Fedora 8
  • RedHat Fedora 9
  • RedHat JBoss Enterprise Application Platform 4.2.0
  • RedHat JBoss Enterprise Application Platform 4.2.0 EL4
  • RedHat JBoss Enterprise Application Platform 4.2.0 EL5
  • RedHat JBoss Enterprise Application Platform 4.2.0.CP03
  • RedHat Red Hat Network Satellite (for RHEL 4) 5.1
  • RedHat Red Hat Network Satellite Server 5.0.0
  • RedHat Red Hat Network Satellite Server 5.0.1
  • S.u.S.E. SUSE Linux Enterprise Server 10 SP2
  • S.u.S.E. openSUSE 10.2
  • S.u.S.E. openSUSE 10.3
  • S.u.S.E. openSUSE 11.0
  • Sun JRE (Linux Production Release) 1.4.2
  • Sun JRE (Linux Production Release) 1.4.2_01
  • Sun JRE (Linux Production Release) 1.4.2_02
  • Sun JRE (Linux Production Release) 1.4.2_03
  • Sun JRE (Linux Production Release) 1.4.2_04
  • Sun JRE (Linux Production Release) 1.4.2_05
  • Sun JRE (Linux Production Release) 1.4.2_06
  • Sun JRE (Linux Production Release) 1.4.2_07
  • Sun JRE (Linux Production Release) 1.4.2_08
  • Sun JRE (Linux Production Release) 1.4.2_09
  • Sun JRE (Linux Production Release) 1.4.2_10
  • Sun JRE (Linux Production Release) 1.4.2_10-b03
  • Sun JRE (Linux Production Release) 1.4.2_11
  • Sun JRE (Linux Production Release) 1.4.2_12
  • Sun JRE (Linux Production Release) 1.4.2_13
  • Sun JRE (Linux Production Release) 1.4.2_14
  • Sun JRE (Linux Production Release) 1.4.2_15
  • Sun JRE (Linux Production Release) 1.4.2_16
  • Sun JRE (Linux Production Release) 1.4.2_17
  • Sun JRE (Linux Production Release) 1.4.2_18
  • Sun JRE (Linux Production Release) 1.5.0
  • Sun JRE (Linux Production Release) 1.5.0 .0 beta
  • Sun JRE (Linux Production Release) 1.5.0_01
  • Sun JRE (Linux Production Release) 1.5.0_02
  • Sun JRE (Linux Production Release) 1.5.0_03
  • Sun JRE (Linux Production Release) 1.5.0_04
  • Sun JRE (Linux Production Release) 1.5.0_05
  • Sun JRE (Linux Production Release) 1.5.0_06
  • Sun JRE (Linux Production Release) 1.5.0_07
  • Sun JRE (Linux Production Release) 1.5.0_08
  • Sun JRE (Linux Production Release) 1.5.0_09
  • Sun JRE (Linux Production Release) 1.5.0_10
  • Sun JRE (Linux Production Release) 1.5.0_11
  • Sun JRE (Linux Production Release) 1.5.0_12
  • Sun JRE (Linux Production Release) 1.5.0_13
  • Sun JRE (Linux Production Release) 1.5.0_14
  • Sun JRE (Linux Production Release) 1.6.0_01
  • Sun JRE (Linux Production Release) 1.6.0_02
  • Sun JRE (Linux Production Release) 1.6.0_03
  • Sun JRE (Linux Production Release) 1.6.0_2
  • Sun JRE (Solaris Production Release) 1.4.2
  • Sun JRE (Solaris Production Release) 1.4.2_01
  • Sun JRE (Solaris Production Release) 1.4.2_02
  • Sun JRE (Solaris Production Release) 1.4.2_03
  • Sun JRE (Solaris Production Release) 1.4.2_04
  • Sun JRE (Solaris Production Release) 1.4.2_05
  • Sun JRE (Solaris Production Release) 1.4.2_06
  • Sun JRE (Solaris Production Release) 1.4.2_07
  • Sun JRE (Solaris Production Release) 1.4.2_08
  • Sun JRE (Solaris Production Release) 1.4.2_09
  • Sun JRE (Solaris Production Release) 1.4.2_10
  • Sun JRE (Solaris Production Release) 1.4.2_11
  • Sun JRE (Solaris Production Release) 1.4.2_12
  • Sun JRE (Solaris Production Release) 1.4.2_13
  • Sun JRE (Solaris Production Release) 1.4.2_14
  • Sun JRE (Solaris Production Release) 1.4.2_15
  • Sun JRE (Solaris Production Release) 1.4.2_16
  • Sun JRE (Solaris Production Release) 1.4.2_17
  • Sun JRE (Solaris Production Release) 1.4.2_18
  • Sun JRE (Solaris Production Release) 1.5.0
  • Sun JRE (Solaris Production Release) 1.5.0_01
  • Sun JRE (Solaris Production Release) 1.5.0.0_07
  • Sun JRE (Solaris Production Release) 1.5.0.0_08
  • Sun JRE (Solaris Production Release) 1.5.0.0_09
  • Sun JRE (Solaris Production Release) 1.5.0_02
  • Sun JRE (Solaris Production Release) 1.5.0_03
  • Sun JRE (Solaris Production Release) 1.5.0_04
  • Sun JRE (Solaris Production Release) 1.5.0_05
  • Sun JRE (Solaris Production Release) 1.5.0_06
  • Sun JRE (Solaris Production Release) 1.5.0_10
  • Sun JRE (Solaris Production Release) 1.5.0_11
  • Sun JRE (Solaris Production Release) 1.5.0_12
  • Sun JRE (Solaris Production Release) 1.5.0_13
  • Sun JRE (Solaris Production Release) 1.5.0_14
  • Sun JRE (Solaris Production Release) 1.6.0_01
  • Sun JRE (Solaris Production Release) 1.6.0_02
  • Sun JRE (Solaris Production Release) 1.6.0_03
  • Sun JRE (Solaris Production Release) 1.6.0_2
  • Sun JRE (Windows Production Release) 1.4.2
  • Sun JRE (Windows Production Release) 1.4.2_01
  • Sun JRE (Windows Production Release) 1.4.2_02
  • Sun JRE (Windows Production Release) 1.4.2_03
  • Sun JRE (Windows Production Release) 1.4.2_04
  • Sun JRE (Windows Production Release) 1.4.2_05
  • Sun JRE (Windows Production Release) 1.4.2_06
  • Sun JRE (Windows Production Release) 1.4.2_07
  • Sun JRE (Windows Production Release) 1.4.2_08
  • Sun JRE (Windows Production Release) 1.4.2_09
  • Sun JRE (Windows Production Release) 1.4.2_10
  • Sun JRE (Windows Production Release) 1.4.2_11
  • Sun JRE (Windows Production Release) 1.4.2_12
  • Sun JRE (Windows Production Release) 1.4.2_13
  • Sun JRE (Windows Production Release) 1.4.2_14
  • Sun JRE (Windows Production Release) 1.4.2_15
  • Sun JRE (Windows Production Release) 1.4.2_16
  • Sun JRE (Windows Production Release) 1.4.2_17
  • Sun JRE (Windows Production Release) 1.4.2_18
  • Sun JRE (Windows Production Release) 1.5.0
  • Sun JRE (Windows Production Release) 1.5.0.0_07
  • Sun JRE (Windows Production Release) 1.5.0.0_08
  • Sun JRE (Windows Production Release) 1.5.0.0_09
  • Sun JRE (Windows Production Release) 1.5.0_01
  • Sun JRE (Windows Production Release) 1.5.0_02
  • Sun JRE (Windows Production Release) 1.5.0_03
  • Sun JRE (Windows Production Release) 1.5.0_04
  • Sun JRE (Windows Production Release) 1.5.0_05
  • Sun JRE (Windows Production Release) 1.5.0_06
  • Sun JRE (Windows Production Release) 1.5.0_10
  • Sun JRE (Windows Production Release) 1.5.0_11
  • Sun JRE (Windows Production Release) 1.5.0_12
  • Sun JRE (Windows Production Release) 1.5.0_13
  • Sun JRE (Windows Production Release) 1.5.0_14
  • Sun JRE (Windows Production Release) 1.6.0_01
  • Sun JRE (Windows Production Release) 1.6.0_02
  • Sun JRE (Windows Production Release) 1.6.0_03
  • Sun JRE (Windows Production Release) 1.6.0_2
  • WiKID Systems WiKID Server 3.0.4

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.