246 matches found
.NET Form Authentication Insecure Redirect
Seeker Research Center Security Advisory By Irene Abezgauz =========== I. Overview =========== An Insecure Redirect vulnerability has been identified in the .NET Form Authentication - in the Redirect From Login mechanism. This vulnerability allows an attacker to craft links that contain redirects...
Microsoft .Net Form Authentication Insecure Redirect (MS11-100; CVE-2011-3415)
A spoofing vulnerability has been reported in Microsoft .NET Framework. The vulnerability is due to an error in the way .NET Framework verifies return URLs during the forms authentication process. A remote attacker may exploit this vulnerability by enticing users to open a malicious link...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
Apache Tomcat Form Authentication Username Enumeration Weakness
Exploit for unknown platform in category remote exploits =============================================================== Apache Tomcat Form Authentication Username Enumeration Weakness =============================================================== Title: Apache Tomcat Form Authentication Usernam...
Apache Tomcat Form Authentication Username Enumeration Weakness
No description provided by source. Attackers can use readily available tools to exploit this issue. The following example POST data is available: POST /jsecuritycheck HTTP/1.1 Host: www.example.com jusername=tomcat&jpassword=%...
Apache Tomcat - Form Authentication Username Enumeration
Apache Tomcat - Form Authentication Username Enumeration Attackers can use readily available tools to exploit this issue. The following example POST data is available: POST /jsecuritycheck HTTP/1.1 Host: www.example.com jusername=tomcat&jpassword=%...
Apache Tomcat - Form Authentication 'Username' Enumeration
Attackers can use readily available tools to exploit this issue. The following example POST data is available: POST /jsecuritycheck HTTP/1.1 Host: www.example.com jusername=tomcat&jpassword=%...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
The remote host is missing an update to tomcat5 announced via advisory MDVSA-2009:136. OpenVAS Vulnerability Test $Id: mdksa2009136.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:136 tomcat5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:138)
Multiple security vulnerabilities has been identified and fixed in tomcat5 : Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, whic...
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:136)
Multiple security vulnerabilities has been identified and fixed in tomcat5 : When Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned ...
[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and 5.0.x version...