29 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-43980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremel...
RHEL 8 : pki-servlet-engine (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Apache Tomcat: Information disclosure CVE-2021-43980 Note that Nessus has not tested for this issue but has instead...
Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2023-005 (ALASTOMCAT9-2023-005)
The version of tomcat installed on the remote host is prior to 9.0.65-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2023-005 advisory. The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards...
Low: tomcat
Issue Overview: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5...
Updated tomcat packages fix security vulnerability
Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...
Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-43980
Summary IBM UrbanCode Build is affected by CVE-2021-43980 Vulnerability Details CVEID:CVE-2021-43980 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes. ...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tomcat. Vulnerability Details CVEID:CVE-2021-43980 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2022:4257-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4257-1 advisory. - CVE-2021-43980: Fixed information disclosure due to concurrency issues in Http11Processor bsc1203868. - CVE-2022-42252: Fixed a...
SUSE: Security Advisory (SUSE-SU-2022:4257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4221-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2022:4221-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4221-1 advisory. - CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. bsc1203868 - CVE-2022-42252: Fixed a request...
SUSE: Security Advisory (SUSE-SU-2022:4009-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5265-1 : tomcat9 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5265 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the...
[SECURITY] [DSA 5265-1] tomcat9 security update
Debian Security Advisory DSA-5265-1 [email protected] https://www.debian.org/security/ Markus Koschany October 29, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DLA 3160-1] tomcat9 security update
Debian LTS Advisory DLA-3160-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 26, 2022 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u7 CVE ID : CVE-2021-43980 CVE-2022-23181 CVE-2022-29885 Several security vulnerabilities have been...
Apache Tomcat Information Disclosure Vulnerability (Sep 2022) - Linux
Apache Tomcat is prone to an information disclosure vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Apache Tomcat Information Disclosure Vulnerability (Sep 2022) - Windows
Apache Tomcat is prone to an information disclosure vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2021-43980
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...