Medium: tomcat8

🗓️ 10 Mar 2016 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 53 Views

Directory traversal and code execution vulnerabilities in tomcat

Reporter	Title	Published	Views	Family All 385
IBM Security Bulletins	Security Bulletin: WAS traditional and liberty vulnerable to CVE-2014-7810	16 Jan 201909:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat as used in IBM QRadar SIEM is vulnerable to a security bypass. (CVE-2014-7810)	16 Jun 201821:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller and Storwize Family	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)	17 Jun 201805:10	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2014-7810)	14 Sep 202215:02	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2018-1770), (CVE-2018-7810), (CVE-2018-1793), (CVE-2018-1794), (CVE-2018-1777)	21 Oct 201819:50	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2014-7810)	30 Jan 201910:35	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is susceptible to multiple vulnerabilities. (CVE-2015-5345, CVE-2016-0706, CVE-2016-0714, CVE-2015-5174)	16 Jun 201821:42	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	any	tomcat8	8.0.30-1.57.amzn1	tomcat8-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-admin-webapps	8.0.30-1.57.amzn1	tomcat8-admin-webapps-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-docs-webapp	8.0.30-1.57.amzn1	tomcat8-docs-webapp-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-el-3.0-api	8.0.30-1.57.amzn1	tomcat8-el-3.0-api-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-javadoc	8.0.30-1.57.amzn1	tomcat8-javadoc-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-jsp-2.3-api	8.0.30-1.57.amzn1	tomcat8-jsp-2.3-api-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-lib	8.0.30-1.57.amzn1	tomcat8-lib-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-log4j	8.0.30-1.57.amzn1	tomcat8-log4j-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-servlet-3.1-api	8.0.30-1.57.amzn1	tomcat8-servlet-3.1-api-8.0.30-1.57.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat8-webapps	8.0.30-1.57.amzn1	tomcat8-webapps-8.0.30-1.57.amzn1.noarch.rpm

10 Mar 2016 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 25

CVSS 35.3

EPSS0.4988

remote authenticated users security manager restrictions mapper component url redirection expression language resolver malicious web application security manager protections package update red hat mitre unix