CSAL#55
Security Notification # CSAL55

Advisory Title: Vulnerable version of Apache Tomcat

Document ID: TAS/PRD/GEN/SN-CSAL#55
Document Name: Security Notification # CSAL55
Doc. Rev.: 0

Publication Date: 15-Jan-24
Incident Source: CSAL55
CVE / Vulnerability Reference: OWASP(A6) CVE-2016-8735
Last Update: 06-Feb-24
Reported By: Valency Networks Testing Agency
Advisory ID#: Posting Not Started Yet
Current Version: WP500 FW 0.6.6
CVSS Score: 9

Vulnerability Description
A vulnerable version of Apache Tomcat was found in use, with multiple vulnerabilities: Apache Tomcat: Important: Remote Code Execution (CVE-2016-8735) (apache-tomcat-cve-2016-8735), (CVE-2017-5651) (apache-tomcat-cve-2017-5651), (CVE-2018-8014) (apache-tomcat-cve-2018-8014), (CVE-2022-25762) (apache-tomcat-cve-2022-25762). Vulnerable software installed: Apache Tomcat 8.5.5

Impact
The discovery of multiple vulnerabilities within our deployed version of Apache Tomcat (8.5.5) highlights critical security risks that threaten the confidentiality, integrity, and availability of our web applications and the underlying data. These vulnerabilities open up the system to several potential attack vectors.

Affected products
WP500 Firmware 0.65 Version

Temporary Fix / Mitigation
Please update to firmware version 0.6.6.

Acknowledgment
Valency Networks, Pune

History
NA

Classification of Vulnerability