142 matches found
Fixed in Apache Tomcat 8.5.75
Note: The issue below was fixed in Apache Tomcat 8.5.74 but the release vote for the 8.5.74 release candidate did not pass. Therefore, although users must download 8.5.75 to obtain a version that includes a fix for these issues, version 8.5.74 is not included in the list of affected versions. Low...
hu.blackbelt.osgi.filestore:features (>=1.2.1 <=1.3.0), hu.blackbelt.osgi.filestore:kar (>=1.2.1 <=1.3.0) +40 more potentially affected by CVE-2021-45105 via org.ops4j.pax.logging:pax-logging-log4j2 (>=2.0.0 <=2.0.12)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =2.0.0, =1.2.1, =1.2.1, =1.0.12, =1.0.12, =2.14.2, =2.19.0, =3.12.0, =3.12.0, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.4 and more Source cves: CVE-2021-45105 Source advisory: OSV:GHSA-P6XC-XR62-6R2G...
Ivanti Avalanche Filestore Management Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...
NewStart CGSL CORE 5.05 / MAIN 5.05 : tomcat Vulnerability (NS-SA-2021-0135)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tomcat packages installed that are affected by a vulnerability: - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
Apache Tomcat 10.0.0.M1 < 10.0.0.M5
The version of Tomcat installed on the remote host is prior to 10.0.0.M5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.0.0-m5security-10 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 ...
Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary Apache Tomcat vulnerabilities, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-9484 DESCRIPTION: Apache Tomcat could allow a remote authenticated attacker to execute arbitrary cod...
[SECURITY] Fedora 32 Update: gitit-0.12.3.2-6.fc32
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line t ools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4448-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4448-1 advisory. It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause...
Ubuntu: Security Advisory (USN-4448-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
Updated tomcat packages fix security vulnerability
Updated tomcat packages fix security vulnerability: When using Apache Tomcat versions 9.0.0.M1 to 9.0.34, if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the PersistenceManager ...
Important: tomcat
Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and ...
Important: tomcat7
Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and ...
Important: tomcat8
Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and ...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2020-1645)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections ...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...