246 matches found
Authentication flaw
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network...
CVE-2014-5171
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network...
CVE-2014-5171
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
Netsparker v3.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
Apache Tomcat <= 6.0.18 Form Authentication Existing/Non-Existing Username Enumeration Weakness
No description provided by source. source: http://www.securityfocus.com/bid/35196/info Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists. Attackers may exploit this weakness to disce...
jetty 6.x - 7.x xss, information disclosure, injection
No description provided by source. Jetty 6.x and 7.x Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Jetty. Systems Affected: Jetty 7.0.0 and earlier versions. Severity: Medium. Impact: CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N. Vendor: http://www.mortbay.org/jetty/ Advisory...
DSA-2897-1 tomcat7 - security update
Bulletin has no description...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
form_auth
This plugin bruteforces form authentication logins. Eleven configurable parameters exist: usersFile, stopOnFirst, passwdFile, passEqUser, useLeetPasswd, useMailUsers, useSvnUsers, useMails, useProfiling, profilingNumber, comboFile, comboSeparator. This plugin will take users from the file pointed by...
CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
CVE-2013-2067
CVE-2013-2067 affects Apache Tomcat FormAuthenticator: in Tomcat 6.0.21–6.0.36 and 7.x before 7.0.33, the relationship between authentication requirements and sessions is mishandled, allowing a remote attacker to inject a request into a session during login completion (session fixation variant). ...
CVE-2013-2067
Removed by vendor...
CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
UBUNTU-CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
RedHat Update for tomcat5 RHSA-2013:0640-01
Check for the Version of tomcat5. OpenVAS Vulnerability Test: RedHat Update for tomcat5 RHSA-2013:0640-01. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Web: Bypass of security constraints
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI...
Web: Bypass of security constraints
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI...
Web: Bypass of security constraints
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI...