130 matches found
SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2021-1856)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107...
Apache Tomcat 7.0.0 < 7.0.107
The version of Tomcat installed on the remote host is prior to 7.0.107. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.107security-7 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 t...
OESA-2021-1075 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
tomcat: Information disclosure when using NTFS file system
A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some configurations. The root cause was the unexpected behavior of the JRE API File.getCanonicalPath,...
tomcat: Information disclosure when using NTFS file system
A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some configurations. The root cause was the unexpected behavior of the JRE API File.getCanonicalPath,...
Apache Tomcat Information Disclosure Vulnerability (CNVD-2021-11841)
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. A security vulnerability exists in Apache Tomcat that stems from inconsistent behavior of the JRE API File.getCanonicalPath with...
DEBIAN-CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...
Apache Tomcat 信息泄露漏洞
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. A security vulnerability exists in Apache Tomcat that stems from inconsistent behavior of the JRE API File.getCanonicalPath with...
Apache Tomcat 9.0.0.M1 < 9.0.40 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.40security-9 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...
PT-2020-20935
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 7.0.0 through 7.0.106 Apache Tomcat versions 8.5.0 through 8.5.59 Apache Tomcat versions 9.0.0.M1 through 9.0.39 Apache Tomcat versions 10.0.0-M1 through 10.0.0-M9 Description When serving resources from a network locati...
BSA-2020-1043
Security Advisory ID : BSA-2020-1043 Component : Apache Tomcat Revision : 1.0: Final When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially...
Information Disclosure
Apache Tomcat HTTP/1.1 connector is vulnerable to information disclosure. A lack of validation in the URL allows remote attackers to inject NULL bytes and retrieve confidential information through reading of JSP source files when allowLinking is configured...
Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
Source code disclosure vulnerability in Apache Tomcat VirtualDirContext class file handling Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
tomcat: Information Disclosure when using VirtualDirContext
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
MGASA-2017-0352 Updated tomcat packages fix security vulnerability
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...
Design/Logic Flaw
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
UBUNTU-CVE-2017-12616
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
CVE-2015-0113
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...
CVE-2015-0113
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...