Lucene search
+L

47 matches found

Tenable Nessus
Tenable Nessus
added 2023/07/18 12:0 a.m.32 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-2350)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.58 views

K32469285: Apache Tomcat vulnerability CVE-2021-33037

Security Advisory Description Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat...

5.3CVSS7.9AI score0.75353EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/11/20 12:0 a.m.41 views

openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:1490-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1490-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...

7.5CVSS7.2AI score0.75353EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.29 views

openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:3672-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3672-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...

7.5CVSS7.2AI score0.75353EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.40 views

SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2021:3670-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3670-1 advisory. - CVE-2021-30640: Escape parameters in JNDI Realm queries bsc1188279. - CVE-2021-33037: Process T-E header from both HTTP 1.0 and...

7.5CVSS6.8AI score0.75353EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2021/11/05 12:0 a.m.37 views

SUSE SLES12: javapackages-tools / tomcat / tomcat-admin-webapps / etc (SUSE-SU-2021:3602-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3602-1 advisory. This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in...

7.5CVSS6.8AI score0.75353EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.46 views

F5 Networks BIG-IP : Apache Tomcat vulnerability (K32469285)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K32469285 advisory. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP...

5.3CVSS7.3AI score0.75353EPSS
Exploits1References2
Mageia
Mageia
added 2021/10/23 10:5 a.m.116 views

Updated tomcat packages fix security vulnerability

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. CVE-2021-30640 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not...

7.5CVSS7AI score0.75353EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2021/09/09 12:0 a.m.40 views

Amazon Linux AMI : tomcat8 (ALAS-2021-1535)

The version of tomcat8 installed on the remote host is prior to 8.5.69-1.88. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1535 advisory. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding...

5.3CVSS7.3AI score0.75353EPSS
Exploits1References3
Amazon
Amazon
added 2021/09/08 12:0 a.m.43 views

Medium: tomcat8

Issue Overview: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly...

5.3CVSS7.9AI score0.75353EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/08/09 12:0 a.m.31 views

Debian DLA-2733-1 : tomcat8 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2733 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protecti...

6.5CVSS7.3AI score0.75353EPSS
Exploits1References8
Debian
Debian
added 2021/08/05 9:40 p.m.107 views

[SECURITY] [DLA 2733-1] tomcat8 security update

Debian LTS Advisory DLA-2733-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 05, 2021 https://wiki.debian.org/LTS Package : tomcat8 Version : 8.5.54-0+deb9u7 CVE ID : CVE-2021-30640 CVE-2021-33037 Debian Bug : 991046 991046 Several security vulnerabilitie...

6.5CVSS6.8AI score0.75353EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/08/03 12:0 a.m.90 views

Apache Tomcat 9.0.0.M1 < 9.0.48

The version of Tomcat installed on the remote host is prior to 9.0.48. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.48security-9 advisory. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP...

5.3CVSS7.2AI score0.75353EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2021/08/03 12:0 a.m.318 views

Apache Tomcat 8.5.0 < 8.5.68

The version of Tomcat installed on the remote host is prior to 8.5.68. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.68security-8 advisory. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP...

5.3CVSS7.2AI score0.75353EPSS
Exploits1References5
Veracode
Veracode
added 2021/07/30 3:29 a.m.35 views

Request Smuggling

tomcat-coyote is vulnerable request smuggling. Incorrect way of parsing of the HTTP transfer-encoding request header causes request smuggling when it is used with a reverse proxy and if the client declared it would only accept an HTTP/1.0 response...

5.3CVSS0.4AI score0.75353EPSS
Exploits1References22Affected Software7
RedhatCVE
RedhatCVE
added 2021/07/12 6:56 p.m.107 views

CVE-2021-33037

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5.3CVSS6AI score0.75353EPSS
Exploits1References3
OSV
OSV
added 2021/07/12 3:15 p.m.3 views

CVE-2021-33037

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5.3CVSS6.1AI score
Exploits0References16
Prion
Prion
added 2021/07/12 3:15 p.m.41 views

Cross site request forgery (csrf)

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5CVSS5.3AI score0.75353EPSS
Exploits1References16Affected Software22
UbuntuCve
UbuntuCve
added 2021/07/12 3:15 p.m.81 views

CVE-2021-33037

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5.3CVSS6.8AI score0.75353EPSS
Exploits1References9
Apache Tomcat
Apache Tomcat
added 2021/06/15 12:0 a.m.63 views

Fixed in Apache Tomcat 10.0.7

Important: Request Smuggling CVE-2021-33037 Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the transfer-encoding header i...

5.3CVSS6AI score0.75353EPSS
Exploits1Affected Software1
Rows per page
Query Builder