142 matches found
Race condition in Apache Tomcat
The fix for bug CVE-2020-9484 introduced a time of check time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
Apache Tomcat permission permission and access control issues vulnerability
Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat is vulnerable to privilege permission and access control issues, and an attacker can bypass Apache Tomcat's...
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
Upgrade Tomcat to version 8.5.75 - CVE-2020-9484/CVE-2022-23181
The latest version of Tomcat bundled in Jira 8.21 is 8.5.72. Vulnerability is referenced in the fixedinapachetomcat8.5.75security-8 advisory. panel CVE-2020-9484 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is...
DEBIAN-CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
Code injection
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
UBUNTU-CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
Vulnerability fixed in Apache Tomcat
A vulnerability has been fixed in Apache Tomcat. The vulnerability potentially allows a local malicious party to obtain the same rights obtain the same rights as the user used by the Tomcat process. used. To exploit this vulnerability, Tomcat must be configured to keep sessions active through the...
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
CVE-2022-23181 Local privilege escalation with FileStore
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
Apache Tomcat 9.0.35 < 9.0.58 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.58. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.58security-9 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to...
Apache Tomcat 10.0.0.M5 < 10.0.16 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.0.16. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.0.16security-10 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to...
Fixed in Apache Tomcat 10.1.0-M10
Note: The issue below was fixed in Apache Tomcat 10.1.0-M9 but the release vote for the 10.1.0-M9 release candidate did not pass. Therefore, although users must download 10.1.0-M10 to obtain a version that includes a fix for these issues, version 10.1.0-M9 is not included in the list of affected...
Fixed in Apache Tomcat 10.0.16
Note: The issue below was fixed in Apache Tomcat 10.0.15 but the release vote for the 10.0.15 release candidate did not pass. Therefore, although users must download 10.0.16 to obtain a version that includes a fix for these issues, version 10.0.15 is not included in the list of affected versions...
Fixed in Apache Tomcat 9.0.58
Note: The issue below was fixed in Apache Tomcat 9.0.57 but the release vote for the 9.0.57 release candidate did not pass. Therefore, although users must download 9.0.58 to obtain a version that includes a fix for these issues, version 9.0.57 is not included in the list of affected versions. Low...
PT-2022-5376
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.55 through 8.5.73 Apache Tomcat versions 9.0.35 through 9.0.56 Apache Tomcat versions 10.0.0-M5 through 10.0.14 Apache Tomcat versions 10.1.0-M1 through 10.1.0-M8 Description The issue is related to a time of check,...