42 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-30640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the...
Photon OS 3.0: Apache PHSA-2021-3.0-0327
An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0327. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-007)
The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-007 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid...
Medium: tomcat
Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...
K35033051: Tomcat vulnerability CVE-2021-30640
Security Advisory Description A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45...
SUSE CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...
Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-30640)
Summary IBM Rational Build Forge is affected by CVE-2021-30640. Vulnerability Details CVEID: CVE-2021-30640 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted...
Ubuntu: Security Advisory (USN-5360-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-30640
Summary IBM UrbanCode Build is affected by CVE-2021-30640 Vulnerability Details CVEID: CVE-2021-30640 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request...
Mageia: Security Advisory (MGASA-2021-0485)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-30640
Summary IBM UrbanCode Release version 6.2.2.7 - 6.2.5.4 are affected by CVE-2021-30640 Vulnerability Details CVEID: CVE-2021-30640 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.0 Security release
Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.0 Security release
Red Hat JBoss Web Server 5.6.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...
openSUSE: Security Advisory for tomcat (openSUSE-SU-2021:1490-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1490-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2021-30640: Escape parameters in JNDI Realm queries bsc1188279. - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients bsc1188278. - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2021:3670-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3670-1 advisory. - CVE-2021-30640: Escape parameters in JNDI Realm queries bsc1188279. - CVE-2021-33037: Process T-E header from both HTTP 1.0 and...
openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:3672-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3672-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2021:3672-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3672-1 advisory. - CVE-2021-30640: Escape parameters in JNDI Realm queries bsc1188279. - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1...
SUSE: Security Advisory (SUSE-SU-2021:3670-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:3672-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...