According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities:

An error exists related to chunk size and chunked requests that allows denial of service attacks. (CVE-2014-0075)
An error exists related to XSLT handling and security managers that allows a security bypass related to external XML entities. (CVE-2014-0096)
An error exists related to content length header handling and using the application behind a reverse proxy that allows a security bypass. (CVE-2014-0099)
An error exists that allows undesired XML parsers to be injected into the application by a malicious web application, allows the bypassing of security controls, and allows the processing of external XML entities. (CVE-2014-0119)

Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.

Binary data 8934.pasl

VendorProductVersionCPE
apachetomcatcpe:/a:apache:tomcat

Vendor	Product	Version	CPE
apache	tomcat		cpe:/a:apache:tomcat

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.41

nessus 46

ibm 33

redhat 20

mageia 1

openvas 27

tomcat 5

threatpost 1

oraclelinux 5

kaspersky 2

freebsd 1

ubuntu 2

securityvulns 5

amazon 2

fedora 1

centos 3

symantec 1

f5 8

ubuntucve 4

github 4

prion 4

debiancve 4

osv 6

cve 4

veracode 2

debian 4

gentoo 1

oracle 3

nessus

Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities

2014-05-30 00:00:00

Oracle Solaris Third-Party Patch Update : tomcat (cve_2014_0075_numeric_errors)

2015-01-19 00:00:00

RHEL 5 / 6 : JBoss EAP (RHSA-2014:0843)

2014-07-08 00:00:00

ibm

Security Bulletin: Apache Tomcat security vulnerability issues on IBM SONAS (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

2018-06-18 00:08:32

Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

2018-06-17 04:56:14

Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

2018-06-18 00:08:28

redhat

(RHSA-2014:0842) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update

2014-07-07 14:40:34

(RHSA-2014:0843) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update

2014-07-07 00:00:00

(RHSA-2014:0833) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

2014-07-03 16:52:09

mageia

Updated tomcat and tomcat6 packages fix security vulnerabilities

2014-06-20 00:30:12

openvas

Mageia: Security Advisory (MGASA-2014-0268)

2022-01-28 00:00:00

Oracle: Security Advisory (ELSA-2014-1034)

2015-10-06 00:00:00

Ubuntu: Security Advisory (USN-2302-1)

2014-08-05 00:00:00

tomcat

Fixed in Apache Tomcat 6.0.41

2014-05-23 00:00:00

Fixed in Apache Tomcat 7.0.53

2014-03-30 00:00:00

Fixed in Apache Tomcat 8.0.5

2014-03-27 00:00:00

threatpost

Apache Patches Bugs in Tomcat

2014-05-30 12:31:25

oraclelinux

tomcat security update

2014-08-07 00:00:00

tomcat security update

2014-07-23 00:00:00

tomcat6 security and bug fix update

2014-07-09 00:00:00

kaspersky

KLA10072 Multiple vulnerabilities in Apache Tomcat

2014-03-30 00:00:00

KLA10070 RLF vulnerability in Apache Tomcat

2014-05-31 00:00:00

freebsd

tomcat -- multiple vulnerabilities

2014-05-23 00:00:00

ubuntu

Tomcat vulnerabilities

2014-07-30 00:00:00

Tomcat vulnerabilities

2015-06-25 00:00:00

securityvulns

Apache Tomcat multiple security vulnerabilities

2014-05-29 00:00:00

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

2014-05-29 00:00:00

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

2014-05-29 00:00:00

amazon

Medium: tomcat8

2015-05-14 14:40:00

Medium: tomcat7

2015-05-14 14:38:00

fedora

[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21

2015-02-23 08:03:06

centos

tomcat6 security update

2014-07-09 16:09:49

tomcat security update

2014-08-07 18:48:52

tomcat6 security update

2014-08-11 18:04:13

symantec

SA100 : Apache Tomcat Vulnerabilities

2015-07-23 08:00:00

SOL15429 - Apache Tomcat vulnerability CVE-2014-0119

2014-07-17 00:00:00

K15429 : Apache Tomcat vulnerability CVE-2014-0119

2014-10-14 00:00:00

SOL15432 - Apache Tomcat vulnerability CVE-2014-0099

2014-07-17 00:00:00

ubuntucve

CVE-2014-0119

2014-05-31 00:00:00

CVE-2014-0096

2014-05-31 00:00:00

CVE-2014-0099

2014-05-31 00:00:00

github

Improper Input Validation in Apache Tomcat

2022-05-14 01:10:18

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

2022-05-14 01:10:18

Missing XML Validation in Apache Tomcat

2022-05-14 01:10:18

prion

Integer overflow

2014-05-31 11:17:00

Xxe

2014-05-31 11:17:00

Xxe

2014-05-31 11:17:00

debiancve

CVE-2014-0096

2014-05-31 11:17:00

CVE-2014-0099

2014-05-31 11:17:00

CVE-2014-0119

2014-05-31 11:17:00

osv

Improper Input Validation in Apache Tomcat

2022-05-14 01:10:18

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

2022-05-14 01:10:18

Missing XML Validation in Apache Tomcat

2022-05-14 01:10:18

cve

CVE-2014-0099

2014-05-31 11:17:00

CVE-2014-0119

2014-05-31 11:17:00

CVE-2014-0096

2014-05-31 11:17:00

veracode

XML External Entity (XXE)

2017-04-07 03:32:44

Denial Of Service (DoS) Resource Consumption

2019-01-15 08:55:33

debian

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DSA 3530-1] tomcat6 security update

2016-03-25 18:47:56

gentoo

Apache Tomcat: Multiple vulnerabilities

2014-12-15 00:00:00

oracle

Oracle Critical Patch Update - July 2014

2014-07-15 00:00:00

Oracle Critical Patch Update - October 2014

2014-10-14 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for 8934.PASL