Lucene search
GoogleOSV:USN-6908-1HistoryJul 23, 2024 - 2:03 p.m.
tomcat vulnerabilities
2024-07-2314:03:15
Google
osv.dev
8
tomcat
ssi
printenv
command
vulnerability
uncommon
persistencemanager
configuration
xss
attack
cve-2019-0221
cve-2020-9484
cve-2021-25329
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.914
Percentile
99.0%
It was discovered that the Tomcat SSI printenv command echoed user
provided data without escaping it. An attacker could possibly use this
issue to perform an XSS attack. (CVE-2019-0221)
It was discovered that Tomcat incorrectly handled certain uncommon
PersistenceManager with FileStore configurations. A remote attacker could
possibly use this issue to execute arbitrary code.
(CVE-2020-9484, CVE-2021-25329)
Related
openvas
openvas
Ubuntu: Security Advisory (USN-6908-1)
2024-07-24 00:00:00
Apache Tomcat RCE Vulnerability (Mar 2021) - Linux
2021-03-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1431-1)
2021-06-09 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2024-07-23 00:00:00
nessus
nessus
openSUSE Security Update : tomcat (openSUSE-2021-496)
2021-04-05 00:00:00
Amazon Linux AMI : tomcat7 (ALAS-2021-1493)
2021-04-07 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2021-03-02 07:51:38
Remote Code Execution
2021-03-03 06:05:38
Remote Code Execution
2020-05-21 03:52:01
attackerkb
attackerkb
CVE-2020-9484 — PersistentManager Java deserialization vulnerability
2020-05-20 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.108
2021-02-05 00:00:00
Fixed in Apache Tomcat 9.0.43
2021-02-02 00:00:00
Fixed in Apache Tomcat 10.0.2
2021-02-02 00:00:00
debiancve
debiancve
nvd
nvd
osv
osv
Potential remote code execution in Apache Tomcat
2021-03-19 20:11:13
BIT-tomcat-2021-25329
2024-03-06 11:10:17
CGA-457j-5q26-g4hx
2024-06-06 12:13:42
github
github
Potential remote code execution in Apache Tomcat
2021-03-19 20:11:13
Potential remote code execution in Apache Tomcat
2020-05-21 18:52:29
Cross-site scripting in Apache Tomcat
2019-05-30 03:30:42
cvelist
cvelist
CVE-2021-25329 Incomplete fix for CVE-2020-9484
2021-03-01 12:00:20
CVE-2020-9484
2020-05-20 18:26:41
CVE-2019-0221
2019-05-28 21:01:28
amazon
amazon
Low: tomcat7
2021-04-07 00:18:00
Important: tomcat8
2020-06-23 06:47:00
Important: tomcat7
2020-06-23 06:45:00
prion
prion
Design/Logic Flaw
2021-03-01 12:15:00
Command injection
2019-05-28 22:29:00
Deserialization of untrusted data
2020-05-20 19:15:00
redhatcve
redhatcve
f5
f5
K73648110 : Apache Tomcat vulnerability CVE-2021-25329
2021-03-16 00:00:00
K03121171 : Apache Tomcat vulnerability CVE-2020-9484
2020-05-27 00:00:00
K13184144 : Apache Tomcat vulnerability CVE-2019-0221
2019-10-10 00:00:00
cve
cve
CVE-2021-25329
2021-03-01 12:15:14
CVE-2019-0221
2019-05-28 22:29:00
ubuntucve
ubuntucve
suse
suse
Security update for tomcat (important)
2021-04-02 00:00:00
Security update for tomcat (important)
2020-05-25 00:00:00
redhat
redhat
(RHSA-2021:2562) Moderate: Red Hat JBoss Web Server 5.5.0 security release
2021-06-29 08:35:57
(RHSA-2021:2561) Moderate: Red Hat JBoss Web Server 5.5.0 Security release
2021-06-29 08:34:12
(RHSA-2020:2509) Important: Red Hat JBoss Web Server 5.3.1 security update
2020-06-10 17:01:08
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2021-07-20 13:46:47
Updated tomcat packages fix security vulnerability
2020-07-05 14:26:44
rosalinux
rosalinux
Advisory ROSA-SA-2021-1988
2021-07-02 18:17:52
kaspersky
kaspersky
KLA12105 ACE vulnerability in Apache Tomcat
2021-02-05 00:00:00
KLA11785 Security vulnerability in Apache Tomcat
2020-05-11 00:00:00
KLA11784 Security vulnerability in Apache Tomcat
2020-05-16 00:00:00
cgr
cgr
CVE-2021-25329 vulnerabilities
2024-05-19 03:07:16
debian
debian
[SECURITY] [DLA 2596-1] tomcat8 security update
2021-03-16 05:29:03
[SECURITY] [DLA 2217-1] tomcat7 security update
2020-05-23 17:27:59
[SECURITY] [DLA 1810-1] tomcat7 security update
2019-05-30 08:24:55
gentoo
gentoo
Apache Tomcat: Remote code execution
2020-06-15 00:00:00
atlassian
atlassian
Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484
2020-06-25 04:59:30
Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484
2020-06-25 04:59:30
archlinux
archlinux
[ASA-202006-7] tomcat9: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-5] tomcat8: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-6] tomcat7: arbitrary code execution
2020-06-06 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Tomcat
2021-01-26 22:51:30
Exploit for Deserialization of Untrusted Data in Oracle Retail Order Broker
2021-01-15 17:59:50
Exploit for Deserialization of Untrusted Data in Apache Tomcat
2020-09-05 13:56:51
ibm
ibm
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-9484)
2020-07-24 22:19:08
centos
centos
tomcat security update
2020-06-11 21:13:08
oraclelinux
oraclelinux
tomcat security update
2020-06-11 00:00:00
tomcat6 security update
2020-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: tomcat-9.0.36-1.fc31
2020-06-23 01:14:05
[SECURITY] Fedora 32 Update: tomcat-9.0.36-1.fc32
2020-06-23 01:22:02
broadcom
broadcom
BSA-2022-1839
2022-05-03 00:00:00
nuclei
nuclei
Apache Tomcat Remote Command Execution
2020-07-03 05:39:02
Apache Tomcat - Cross-Site Scripting
2021-03-05 14:38:39
exploitdb
exploitdb
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
2021-07-13 00:00:00
packetstorm
packetstorm
Apache Tomcat 9.0.0.M1 Cross Site Scripting
2021-07-12 00:00:00
zdt
zdt
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS) Vulnerability
2021-07-13 00:00:00
freebsd
freebsd
Apache Tomcat Remote Code Execution via session persistence
2020-05-12 00:00:00
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.914
Percentile
99.0%
Related for OSV:USN-6908-1