MiracleLinux 4 : tomcat6-6.0.24-57.AXS4 (AXSA:2013-491:04)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-491:04 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...
Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities - Linux
Apache Tomcat is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1)
Tomcat was updated to fix security issues and bugs: CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker that gained access to the tomcat chroot could escalate privileges to root. CVE-2013-2067:...
Debian DSA-2897-1 : tomcat7 - security update
Multiple security issues were found in the Tomcat servlet and JSP engine : - CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the log...
[SECURITY] [DSA 2897-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2897-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 08, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2897-1 (tomcat7 - security update)
Multiple security issues were found in the Tomcat servlet and JSP engine: CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login...
Debian: Security Advisory (DSA-2897-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Informa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04117626 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04117626 Version: 1 HPSBMU02964 rev....
[SECURITY] [DSA 2725-1] tomcat6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2725-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 18, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)
Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. CVE-2013-2067 The FormAuthenticator module was vulnerab...
Debian: Security Advisory (DSA-2725-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 6 : tomcat6 (ELSA-2013-0964)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0964 advisory. - Related: CVE-2013-2067 Session fixation Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Ness...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update
Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
RedHat Update for tomcat6 RHSA-2013:0964-01
The remote host is missing an update for the Copyright (C) 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 6 : tomcat6 (CESA-2013:0964)
Updated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130620)
A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. (CVE-2013-2067) Tomcat must...
RHEL 6 : tomcat6 (RHSA-2013:0964)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0964 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A session fixation flaw was found in the Tomcat...
tomcat6 security update
CentOS Errata and Security Advisory CESA-2013:0964 Updated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
tomcat6 security update
0:6.0.24-57 - Related: CVE-2013-2067 Session fixation 0:6.0.24-56 - Resolves: CVE-2013-2067 session fixation...
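Apache Tomcat Form Authentication Security Bypass Vulnerability
CVE ID: CVE-2013-2067 Apache Tomcat is an open-source JSP application server. In Apache Tomcat's form authentication feature, java/org/apache/catalina/authenticator/FormAuthenticator.java does not properly handle the relationship between authentication requirements and sessions. This allows a remote attacker to exploit the vulnerability by sending requests for an authenticated resource while the login form is being completed, injecting the request into the session so that it is executed with the target's authentication credentials. This vulnerability is a variant of the session fixation attack. 0 Apache Tomcat 6.0.21 - 6.0.36 Apache Tomcat 7.x Vendor solution Apache...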