25 matches found
Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.
Summary Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities, listed in multiple CVEs CVE-2023-34981, CVE-2022-1471, CVE-2022-4065, CVE-2021-23450, CVE-2021-23450, CVE-2022-40151, CVE-2022-41966, CVE-2023-41080, CVE-2022-48285, CBE-2020-11971, CVE-2023-28709,...
Photon OS 4.0: Apache PHSA-2023-4.0-0466
An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0466. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Apache Tomcat [CVE-2023-34981]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Apache Tomcat, caused by a flaw when a response did not have any HTTP headers set CVE-2023-34981. Apache Tomcat is a component used by our Speech microservices. This...
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...
Vulnerability fixed in Oracle Supply Chain
Oracle has fixed a vulnerability in Agile PLM. A malicious party could exploit the vulnerability to gain sensitive information or full access to all data accessible to Oracle Agile PLM accessible data. Oracle has fixed the vulnerability in the following product: - Oracle Agile PLM...
Vulnerabilities fixed in Oracle Communications Applications
Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Access to sensitive data Acce...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2023-34981
Summary There is a vulnerability in Apache Tomcat that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION:...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager IDRM 2.0.6.17, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.18. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2.7)
The version of AOS installed on the remote host is prior to 6.6.2.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2.7 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did n...
Upgrade Tomcat to fix CVE-2023-34981
h3. Issue Summary Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix CVE-2023-34981|https://nvd.nist.gov/vuln/detail/CVE-2023-34981 panel:bgColor=e3fcef Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases. This is an...
SUSE CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...
Apache Tomcat Information Disclosure Vulnerability (Jun 2023) - Linux
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...
CVE-2023-34981
creationtimestamp| type| source ---|---|--- 2023-06-21 14:26:10+00:00| seen| https://t.me/cibsecurity/65380 2024-02-07 09:37:01+00:00| seen| https://t.me/ctinow/180591...
CVE-2023-34981 Apache Tomcat: AJP response header mix-up
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...
CVE-2023-34981 Apache Tomcat: AJP response header mix-up
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...
CVE-2023-34981 Apache Tomcat: AJP response header mix-up
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...
CVE-2023-34981
CVE-2023-34981 affects Apache Tomcat: a regression in the fix for bug 66512 causes no AJP SEND_HEADERS to be sent when a response has no HTTP headers, allowing an information leak via proxies (e.g., mod_proxy_ajp) leaking headers from a previous request. The initial description lists affected Tom...
Apache Tomcat 10.1.0 < 10.1.9
The version of Tomcat installed on the remote host is prior to 10.1.9. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.9security-10 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a...
Apache Tomcat 11.0.0-M1 < 11.0.0-M6
The version of Tomcat installed on the remote host is prior to 11.0.0-M6. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.0-m6security-11 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, ...
Fixed in Apache Tomcat 8.5.89
Important: Information disclosure CVE-2023-34981 The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SENDHEADERS message would be sent which in turn meant that at least one AJP based proxy...