
Apache Tomcat JNDI Realm Authentication Weakness Vulnerability (Jul 2021) - Windows CVE-2021-30640

Severity
CVSSv3 Score: 6.5
Vulnerability description

Apache Tomcat is prone to an authentication weakness vulnerability in the JNDI Realm.

Risk description

Queries made by the JNDI Realm do not always correctly escape parameters. Parameter values could be sourced from user-provided data (e.g. user names) as well as configuration data provided by an administrator. In limited circumstances, it is possible for users to authenticate using variations of their user name and/or to bypass some of the protection provided by the LockOut Realm.
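
The escaping the description refers to, as an added example (not taken from the advisory or from Tomcat's code): a value substituted into an LDAP search filter needs its metacharacters escaped per RFC 4515, otherwise the directory interprets them instead of matching them literally. The `(uid={0})` pattern, the sample user names and the helper names are constructed for illustration.

```java
public class LdapFilterEscapeExample {

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    // The five characters below have special meaning in a filter and are
    // replaced by a backslash followed by their two-digit hex code.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical helper: substitute the escaped user name into a
    // "{0}"-style search pattern.
    static String buildFilter(String pattern, String userName) {
        return pattern.replace("{0}", escapeFilterValue(userName));
    }

    public static void main(String[] args) {
        String pattern = "(uid={0})"; // constructed sample pattern
        // Constructed sample inputs: one plain name, three with metacharacters.
        String[] names = { "jsmith", "jsm*th", "j(smith)", "js\\mith" };
        for (String name : names) {
            // Without escaping, the metacharacters become part of the filter syntax.
            String unescaped = pattern.replace("{0}", name);
            // With escaping, the filter can only match the literal string.
            String escaped = buildFilter(pattern, name);
            System.out.printf("%-10s unescaped=%-16s escaped=%s%n",
                    name, unescaped, escaped);
        }
    }
}
```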

Recommendation

Update to version 7.0.109, 8.5.66, 9.0.46, 10.0.6 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jul 12, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available