
246 matches found

Amazon
added 2023/05/16 12:00 a.m., 61 views

Important: tomcat

Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...

CVSS 7.5, AI score 7, EPSS 0.87553
Exploits: 1
RedHat Linux
added 2023/03/08 2:54 p.m., 3 views

quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure

A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated, which might lead to information disclosure...

CVSS 6.1, AI score 5.6, EPSS 0.0055
Exploits: 0, References: 5
Veracode
added 2023/03/01 2:13 a.m., 26 views

Cross-site Scripting (XSS)

quarkus-vertx-http is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library's form authentication session cookie path attribute is set to /, which allows an attacker to redirect malicious URLs, resulting in information disclosure...

CVSS 6.1, AI score 6.3, EPSS 0.0055
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2023/02/23 8:15 p.m., 36 views

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...

CVSS 6.1, AI score 6.6, EPSS 0.0055
Exploits: 0, References: 2
OSV
added 2023/02/23 8:15 p.m., 40 views

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...

CVSS 6.1, AI score 6.4, EPSS 0.0055
Exploits: 0, References: 2
Prion
added 2023/02/23 8:15 p.m., 18 views

Design/Logic Flaw

If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...

CVSS 5.8, AI score 6.2, EPSS 0.0055
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2023/02/23 12:00 a.m., 4 views

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...

AI score 6.2, EPSS 0.0055
Exploits: 0, References: 2
Cvelist
added 2023/02/23 12:00 a.m., 44 views

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...

AI score 6.3, EPSS 0.0055
Exploits: 0, References: 2
CVE
added 2023/02/23 12:00 a.m., 129 views

CVE-2023-0044

CVE-2023-0044 concerns Quarkus Form Authentication: if the session cookie Path is set to "/", a cross-site attack may disclose information. The issue is described across multiple sources tied to Quarkus advisories (Red Hat RHSA entries and IBM/OSV records) and is mitigated by the Quarkus CSRF Pre...

CVSS 6.1, AI score 6, EPSS 0.0055
Exploits: 0, References: 2, Affected Software: 1
F5 Networks
added 2023/02/21 7:57 p.m., 65 views

K00303143: Apache Tomcat vulnerability CVE-2022-34305

Security Advisory Description: In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing an XSS vulnerability. CVE-2022-34305 Impact A...

CVSS 6.1, AI score 8.1, EPSS 0.0514
Exploits: 0, Affected Software: 1
SUSE CVE
added 2023/02/15 6:05 a.m., 5 views

SUSE CVE-2009-0580

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...

CVSS 4.3, AI score 5.1, EPSS 0.9444
Exploits: 4, References: 4
SUSE CVE
added 2023/02/15 5:45 a.m., 4 views

SUSE CVE-2012-3546

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI...

CVSS 4.3, AI score 6.5, EPSS 0.1152
Exploits: 1, References: 4
SUSE CVE
added 2023/02/15 5:39 a.m., 2 views

SUSE CVE-2013-2067

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...

CVSS 6.8, AI score 7.1, EPSS 0.07147
Exploits: 2, References: 4
SUSE CVE
added 2023/02/15 4:07 a.m., 1 view

SUSE CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

CVSS 3.4, AI score 8.7, EPSS 0.10687
Exploits: 0, References: 9
SUSE CVE
added 2023/02/15 3:24 a.m., 1 view

SUSE CVE-2022-34305

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing an XSS vulnerability...

CVSS 6.1, AI score 8.6, EPSS 0.0514
Exploits: 0, References: 3
RedHat Linux
added 2023/02/14 12:11 p.m., 4 views

quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure

A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated, which might lead to information disclosure...

CVSS 6.1, AI score 5.6, EPSS 0.0055
Exploits: 0, References: 5
Tenable Nessus
added 2023/01/24 12:00 a.m., 153 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6)

The version of AOS installed on the remote host is prior to 6.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6 advisory. - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc...

CVSS 9.8, AI score 8.4, EPSS 0.99931
Exploits: 68, References: 38
RedhatCVE
added 2023/01/04 8:35 a.m., 66 views

CVE-2023-0044

A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated, which might lead to information disclosure. Mitigation: This attack can be prevented with the Quarkus CSRF Prevention feature...

CVSS 5.3, AI score 6.3, EPSS 0.0055
Exploits: 0, References: 4
Positive Technologies
added 2023/01/04 12:00 a.m., 4 views

PT-2023-8750 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus, affected versions not specified. Description: The issue is related to the Quarkus Form Authentication session cookie Path attribute being set to /, which may lead to a cross-site attack and potentially result in Information Disclosure...

CVSS 6.4, AI score 5.5, EPSS 0.0055
Exploits: 0, References: 14
Apache Tomcat
added 2022/08/13 12:00 a.m., 56 views

Fixed in Apache Tomcat 8.5.82

Low: Apache Tomcat XSS in examples web application (CVE-2022-34305). The Form authentication example in the examples web application displayed user provided data without filtering, exposing an XSS vulnerability. This was fixed with commit 5f6c88b0. This issue was reported to the Apache Tomcat Securit...

CVSS 6.1, AI score 6.2, EPSS 0.0514
Exploits: 0, Affected Software: 1