
20 matches found

F5 Networks
added 2023/02/21 6:19 p.m. | 378 views

K16828: Apache Tomcat vulnerability CVE-2005-2090

Security Advisory Description Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length...

CVSS 4.3 | AI score 6.3 | EPSS 0.71377
Exploits: 4
OpenVAS
added 2014/11/12 12:0 a.m. | 35 views

Fedora Update for Pound FEDORA-2014-13777

Check the version of Pound SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868477";...

AI score 6.5
Exploits: 0 | References: 2
OpenVAS
added 2014/11/07 12:0 a.m. | 28 views

Fedora Update for Pound FEDORA-2014-13764

Check the version of Pound SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868456";...

CVSS 4.3 | AI score 6.5 | EPSS 0.93538
Exploits: 5 | References: 2
securityvulns
added 2014/02/28 12:0 a.m. | 168 views

[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)

CVE-2013-4286 Incomplete fix for CVE-2005-2090 Information disclosure. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 8.0.0-RC1; Apache Tomcat 7.0.0 to 7.0.42; Apache Tomcat 6.0.0 to 6.0.37...

CVSS 5.8 | AI score 0.3 | EPSS 0.71377
Exploits: 4
Tenable Nessus
added 2013/07/12 12:0 a.m. | 40 views

Oracle Linux 5 : Important: / tomcat (ELSA-2007-0327)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0327 advisory. jakarta-commons-modeler-1.1-8jpp.1.0.2.el5 1.1-8jpp.1.0.2.el5 - rebuild after the fix for bug 238139 made it into the build root - Resolves: bug 238694...

CVSS 5 | AI score 5.5 | EPSS 0.90452
Exploits: 5 | References: 5
Tenable Nessus
added 2012/08/01 12:0 a.m. | 43 views

Scientific Linux Security Update : tomcat on SL5.x i386/x86_64

Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks CVE-2007-2449. Note: it is recommended the 'examples' web application not be installed on a...

CVSS 5 | AI score 4.9 | EPSS 0.90452
Exploits: 6 | References: 6
Tenable Nessus
added 2010/01/10 12:0 a.m. | 55 views

RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. ...

CVSS 5 | AI score 5 | EPSS 0.90452
Exploits: 17 | References: 16
Tenable Nessus
added 2009/09/24 12:0 a.m. | 47 views

SuSE9 Security Update : Tomcat (YOU Patch Number 12078)

Fixed various issues in tomcat : - modjk directory traversal. CVE-2007-1860 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of a double-quote character in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - tomcat HTTP Request Smuggling...

CVSS 6.8 | AI score 4.9 | EPSS 0.81412
Exploits: 10 | References: 12
Tenable Nessus
added 2009/07/27 12:0 a.m. | 42 views

VMSA-2008-0002 : Low severity security update for VirtualCenter and ESX

Updated VirtualCenter fixes the following application vulnerabilities a. Tomcat Server Security Update This release of VirtualCenter Server updates the Tomcat Server package from 5.5.17 to 5.5.25, which addresses multiple security issues that existed in the earlier releases of Tomcat Server. The...

CVSS 6.8 | AI score 5.4 | EPSS 0.90452
Exploits: 5 | References: 5
OpenVAS
added 2008/09/04 12:0 a.m. | 30 views

FreeBSD Ports: apache-tomcat

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5 | AI score 4 | EPSS 0.90452
Exploits: 5 | References: 1
OpenVAS
added 2008/09/04 12:0 a.m. | 47 views

FreeBSD Ports: apache-tomcat

The remote host is missing an update to the system as announced in the referenced advisory. VID 872623af-39ec-11dc-b8cc-000fea449b8a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

CVSS 5 | AI score 4.7 | EPSS 0.90452
Exploits: 5
RedHat Linux
added 2008/05/20 2:12 p.m. | 60 views

Moderate: Red Hat Security Advisory: Red Hat Network Satellite Server security update

Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal...

CVSS 10 | AI score 6.5 | EPSS 0.90452
Exploits: 29 | References: 3
Tenable Nessus
added 2008/02/29 12:0 a.m. | 46 views

openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)

Fixed various issues in tomcat : - CVE-2006-7196: Cross-site scripting XSS vulnerability in example JSP applications - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of ' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860:...

CVSS 6.8 | AI score 4.8 | EPSS 0.81412
Exploits: 10 | References: 7
Tenable Nessus
added 2008/02/27 12:0 a.m. | 42 views

SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)

Cross-site scripting XSS vulnerability in example JSP applications. CVE-2006-7196 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of ' in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - directory traversal. CVE-2007-1860 - tomcat https...

CVSS 6.8 | AI score 4.8 | EPSS 0.81412
Exploits: 10 | References: 14
Tenable Nessus
added 2007/08/02 12:0 a.m. | 81 views

Mac OS X Multiple Vulnerabilities (Security Update 2007-007)

The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP -...

CVSS 10 | AI score 8 | EPSS 0.90452
Exploits: 53 | References: 45
Tenable Nessus
added 2007/05/25 12:0 a.m. | 60 views

RHEL 5 : tomcat (RHSA-2007:0327)

Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomca...

CVSS 5 | AI score 5.2 | EPSS 0.90452
Exploits: 5 | References: 10
RedHat Linux
added 2007/05/24 9:36 a.m. | 61 views

Important: Red Hat Security Advisory: tomcat security update

Updated tomcat packages that fix multiple security issues and a bug are now available for Red Hat Developer Suite 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages...

CVSS 5 | AI score 5.7 | EPSS 0.90452
Exploits: 5 | References: 3
Apache Tomcat
added 2007/03/09 12:0 a.m. | 74 views

Fixed in Apache Tomcat 5.5.23, 5.0.SVN

Important: Information disclosure (CVE-2005-2090). Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several...

CVSS 4.3 | AI score 3.3 | EPSS 0.71377
Exploits: 4 | Affected Software: 1
CVE
added 2005/06/30 4:0 a.m. | 248 views

CVE-2005-2090

CVE-2005-2090 affects Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0): it enables HTTP Request Smuggling via a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be mis‑interpreted and processed as a new request. This issue is noted to hav...

CVSS 4.3 | AI score 3.6 | EPSS 0.71377
Exploits: 4 | References: 49 | Affected Software: 1
Apache Tomcat
added 2005/06/06 12:0 a.m. | 53 views

Fixed in Apache Tomcat 6.0.11

Moderate: Cross-site scripting CVE-2007-1355 The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided...

CVSS 4.3 | AI score 4.4 | EPSS 0.82449
Exploits: 6 | Affected Software: 1