Lucene search
K

130 matches found

Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.59 views

SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...

8.1CVSS7.4AI score0.99988EPSS
Exploits39References10
Tenable Nessus
Tenable Nessus
added 2021/04/30 12:0 a.m.51 views

EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2021-1856)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107...

7.5CVSS7AI score0.56636EPSS
Exploits16References3
Tenable Nessus
Tenable Nessus
added 2021/04/09 12:0 a.m.149 views

Apache Tomcat 7.0.0 < 7.0.107

The version of Tomcat installed on the remote host is prior to 7.0.107. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.107security-7 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 t...

5.9CVSS7.5AI score0.22852EPSS
Exploits0References3
OSV
OSV
added 2021/03/05 11:2 a.m.4 views

OESA-2021-1075 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

5.9CVSS7.6AI score0.22852EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/02/11 1:51 p.m.5 views

tomcat: Information disclosure when using NTFS file system

A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some configurations. The root cause was the unexpected behavior of the JRE API File.getCanonicalPath,...

5.9CVSS7.2AI score0.22852EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2021/02/11 1:51 p.m.6 views

tomcat: Information disclosure when using NTFS file system

A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some configurations. The root cause was the unexpected behavior of the JRE API File.getCanonicalPath,...

5.9CVSS7.2AI score0.22852EPSS
Exploits0References8
CNVD
CNVD
added 2021/01/16 12:0 a.m.22 views

Apache Tomcat Information Disclosure Vulnerability (CNVD-2021-11841)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. A security vulnerability exists in Apache Tomcat that stems from inconsistent behavior of the JRE API File.getCanonicalPath with...

5.9CVSS6AI score0.22852EPSS
Exploits0References1
OSV
OSV
added 2021/01/14 3:15 p.m.1 views

DEBIAN-CVE-2021-24122

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

5.9CVSS7.3AI score0.22852EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/14 12:0 a.m.6 views

Apache Tomcat 信息泄露漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. A security vulnerability exists in Apache Tomcat that stems from inconsistent behavior of the JRE API File.getCanonicalPath with...

5.9CVSS6.9AI score0.22852EPSS
Exploits0References33
Tenable Nessus
Tenable Nessus
added 2020/12/10 12:0 a.m.159 views

Apache Tomcat 9.0.0.M1 < 9.0.40 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.40security-9 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...

7.5CVSS7.3AI score0.24622EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/11/17 12:0 a.m.9 views

PT-2020-20935

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 7.0.0 through 7.0.106 Apache Tomcat versions 8.5.0 through 8.5.59 Apache Tomcat versions 9.0.0.M1 through 9.0.39 Apache Tomcat versions 10.0.0-M1 through 10.0.0-M9 Description When serving resources from a network locati...

10CVSS7.2AI score0.99999EPSS
Exploits191References154
Broadcom
Broadcom
added 2020/07/06 12:0 a.m.7 views

BSA-2020-1043

Security Advisory ID : BSA-2020-1043 Component : Apache Tomcat Revision : 1.0: Final When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially...

7.5CVSS7.1AI score0.708EPSS
Exploits4
Veracode
Veracode
added 2018/11/14 1:4 a.m.22 views

Information Disclosure

Apache Tomcat HTTP/1.1 connector is vulnerable to information disclosure. A lack of validation in the URL allows remote attackers to inject NULL bytes and retrieve confidential information through reading of JSP source files when allowLinking is configured...

7.8CVSS7.1AI score0.03474EPSS
Exploits0References7Affected Software3
Dsquare
Dsquare
added 2018/03/09 12:0 a.m.684 views

Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure

Source code disclosure vulnerability in Apache Tomcat VirtualDirContext class file handling Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

5CVSS6.1AI score0.708EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2018/03/07 3:9 p.m.5 views

tomcat: Information Disclosure when using VirtualDirContext

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

7.5CVSS7.4AI score0.708EPSS
Exploits4References5
OSV
OSV
added 2017/09/21 1:43 p.m.22 views

MGASA-2017-0352 Updated tomcat packages fix security vulnerability

The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...

7.5CVSS6AI score0.708EPSS
Exploits4References7
Prion
Prion
added 2017/09/19 1:29 p.m.44 views

Design/Logic Flaw

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

5CVSS7.5AI score0.708EPSS
Exploits4References14Affected Software1
OSV
OSV
added 2017/09/19 12:0 a.m.4 views

UBUNTU-CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

7.5CVSS6.8AI score0.708EPSS
Exploits4References6
NVD
NVD
added 2015/04/27 11:59 a.m.19 views

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...

5CVSS6.5AI score0.01209EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/04/27 1:0 a.m.30 views

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...

6.5AI score0.01209EPSS
Exploits0References1
Rows per page
Query Builder