tomcat: security manager bypass via JSP Servlet config parameters

It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

CMS4J suffers from an arbitrary file download vulnerability patch bypass vulnerability

CMS4J is a CMS system developed by Beijing Paidao Network based on JSP program. CMS4J has an arbitrary file download vulnerability patch bypass vulnerability. The vulnerability arises from the DownloadFile servlet arbitrary file download repair code to download the file filtering is not strict, c...

Nuxeo Platform Arbitrary File Upload Vulnerability

Nuxeo Platform is a content management system CMS. An arbitrary file upload vulnerability exists in Nuxeo Platform. A remote attacker can exploit this vulnerability to upload arbitrary JSP code with the help of '...' in the X-File-Name header. in the X-File-Name header to upload arbitrary JSP cod...

NetIQ Access Manager Information Disclosure Vulnerability (CNVD-2017-04728)

NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. NetIQ Access Manager Information Disclosure Vulnerability. Since Access Manager 4.1 and 4.2 support risk-based authentication on the Identity Server. An attacker can obtain local file...

CVE-2016-5750

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users...

tomcat: security manager bypass via JSP Servlet config parameters

It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

tomcat: security manager bypass via JSP Servlet config parameters

It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

UBUNTU-CVE-2016-6796

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

CVE-2016-1593

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...

Infinite Automation Mango Automation File Upload Vulnerability

Infinite Automation Mango Automation is the United States Infinite Automation Systems, Inc. of a set of open source Web-based SCADA data acquisition and supervisory control, HMI and automation software. Infinite Automation Mango Automation 2.5.x and 2.6.x prior to 2.6.0, version 2.6.x, build 430,...

jakarta security update

CentOS Errata and Security Advisory CESA-2015:1695 Updated jakarta-taglibs-standard packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring Syste...

ManageEngine ServiceDesk Remote Code Execution Vulnerability

ManageEngine SeviceDesk Plus is a comprehensive helpdesk and asset management software that provides an integrated console for IT administrators and desktop agents. A remote code execution vulnerability exists in ManageEngine ServiceDesk due to a failure to properly handle JSP uploads when... /...

UBUNTU-CVE-2013-4444

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file...

CVE-2014-3129

The Java Server Pages in the Software Lifecycle Manager SLM in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...

Design/Logic Flaw

The Java Server Pages in the Software Lifecycle Manager SLM in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...

CVE-2014-3129

The Java Server Pages in the Software Lifecycle Manager SLM in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...

Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the attachment service of Cisco Unity Connection, known as Cisco Unity Web Service or as Voice Message Web Service VMWS, could allow an authenticated, remote attacker to place files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly...

Tomcat/JBossWeb: Arbitrary file upload via deserialization

It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...

Tomcat/JBossWeb: Arbitrary file upload via deserialization

It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...