Lucene search
+L

130 matches found

Amazon
Amazon
added 2025/04/01 12:0 a.m.24 views

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

9.8CVSS8.9AI score0.99945EPSS
Exploits48
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Medium: tomcat

Issue Overview: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...

7.5CVSS6.9AI score0.24622EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.51 views

K65078159: Apache Tomcat vulnerability CVE-2021-24122

Security Advisory Description When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause wa...

5.9CVSS7.7AI score0.22852EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.4 views

SUSE CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

5.3CVSS8.9AI score0.708EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.2 views

SUSE CVE-2021-24122

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

5.9CVSS8.7AI score0.22852EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.4 views

tomcat: Information disclosure when using NTFS file system

A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some configurations. The root cause was the unexpected behavior of the JRE API File.getCanonicalPath,...

5.9CVSS7.2AI score0.22852EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/14 2:45 a.m.29 views

Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // slash slash initial substring in a URI for 1 admin/index.jsp, 2 admin/queues.jsp, or 3 admin/topics.jsp...

5CVSS7.3AI score0.78018EPSS
Exploits6References11Affected Software1
OSV
OSV
added 2022/05/14 1:10 a.m.51 views

GHSA-8QQ4-8JVQ-MFW4 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

7.5CVSS6.5AI score0.708EPSS
Exploits4References14
Github Security Blog
Github Security Blog
added 2022/05/14 1:10 a.m.38 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

7.5CVSS2.6AI score0.708EPSS
Exploits4References14Affected Software1
OSV
OSV
added 2022/05/01 7:13 a.m.22 views

GHSA-C5VW-342H-X5RX Alkacon OpenCms Exposes JSP Source Code

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...

4CVSS6.4AI score0.01356EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/01 2:31 a.m.23 views

Apache Tomcat allows remote attackers to read JSP source files

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

7.8CVSS6.6AI score0.03474EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/01 2:31 a.m.48 views

GHSA-QRCX-P4RR-G48H Apache Tomcat allows remote attackers to read JSP source files

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

7.8CVSS7.4AI score0.03474EPSS
Exploits0References6
OSV
OSV
added 2022/05/01 2:20 a.m.25 views

GHSA-CWQ3-QP8V-W8Q3 Mortbay Jetty Discloses JSP Source Code

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash %5C characters. NOTE: this might be the same issue as CVE-2006-2758...

5CVSS6.4AI score0.04386EPSS
Exploits0References4
OSV
OSV
added 2022/02/04 7:15 p.m.4 views

CVE-2021-29395

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...

7.5CVSS5.9AI score0.01801EPSS
Exploits0References2
Prion
Prion
added 2022/02/04 7:15 p.m.16 views

Directory traversal

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...

5CVSS7.6AI score0.01801EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2021/09/15 12:0 a.m.41 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2435)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7.2AI score0.22852EPSS
Exploits16References2
Tenable Nessus
Tenable Nessus
added 2021/09/14 12:0 a.m.43 views

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2021-2435)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39,...

7.5CVSS7AI score0.56636EPSS
Exploits16References3
NVD
NVD
added 2021/07/14 12:15 p.m.35 views

CVE-2021-33667

Under certain conditions, SAP Business Objects Web Intelligence BI Launchpad versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted...

4.3CVSS0.00656EPSS
Exploits0References2
OSV
OSV
added 2021/07/14 12:15 p.m.5 views

CVE-2021-33667

Under certain conditions, SAP Business Objects Web Intelligence BI Launchpad versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted...

4.3CVSS5.8AI score0.00656EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/06/21 12:0 a.m.79 views

Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.0.0-m10security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...

7.5CVSS7.3AI score0.24622EPSS
Exploits0References6
Rows per page
Query Builder