232 matches found

CentOS
added 2016/11/25 3:49 p.m., 91 views

tomcat security update

CentOS Errata and Security Advisory CESA-2016:2599 An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 8.8, AI score 7, EPSS 0.4988
Exploits: 0, References: 7

OpenVAS
added 2016/11/21 12:0 a.m., 44 views

Debian Security Advisory DSA 3720-1 (tomcat8 - security update)

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 5, AI score 0.1, EPSS 0.00936
Exploits: 5, References: 1

RedHat Linux
added 2016/11/03 8:12 a.m., 72 views

Moderate: Red Hat Security Advisory: tomcat security, bug fix, and enhancement update

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.8, AI score 7, EPSS 0.4988
Exploits: 0, References: 22

0day.today
added 2016/10/01 12:0 a.m., 91 views

Apache Tomcat on Debian-Based Distros - Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High...

CVSS 7.2, EPSS 0.22216
Exploits: 8

Fedora
added 2016/06/30 9:31 p.m., 35 views

[SECURITY] Fedora 24 Update: struts-1.3.10-18.fc24

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm,...

CVSS 8.2, AI score 1.5, EPSS 0.10742
Exploits: 0

Fedora
added 2016/06/30 7:54 p.m., 34 views

[SECURITY] Fedora 23 Update: struts-1.3.10-18.fc23

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm,...

CVSS 8.2, AI score 1.5, EPSS 0.10742
Exploits: 0

OSV
added 2016/04/21 11:0 a.m., 2 views

CVE-2016-3438

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has...

CVSS 8.2, AI score 7.3, EPSS 0.0039
Exploits: 0, References: 5

OpenVAS
added 2016/03/24 12:0 a.m., 33 views

CentOS Update for tomcat6 CESA-2016:0492 centos6

Check the version of tomcat6 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882434");...

CVSS 5, AI score 6.2, EPSS 0.09485
Exploits: 0, References: 2

CentOS
added 2016/03/23 1:9 p.m., 66 views

tomcat6 security update

CentOS Errata and Security Advisory CESA-2016:0492 Updated tomcat6 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

CVSS 5, AI score 6.6, EPSS 0.09485
Exploits: 0, References: 7

Tenable Nessus
added 2016/03/23 12:0 a.m., 37 views

RHEL 6 : tomcat6 (RHSA-2016:0492)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0492 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the expression language resolver...

CVSS 5, AI score 6.5, EPSS 0.09485
Exploits: 0, References: 7

OpenVAS
added 2016/03/23 12:0 a.m., 37 views

RedHat Update for tomcat6 RHSA-2016:0492-01

The remote host is missing an update for the Copyright (C) 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5, AI score 7, EPSS 0.09485
Exploits: 0, References: 2

OSV
added 2016/02/27 12:0 a.m., 43 views

DLA-435-1 tomcat6 - security update

Bulletin has no description...

CVSS 8.8, AI score 6.9, EPSS 0.4988
Exploits: 0

OpenVAS
added 2016/01/17 12:0 a.m., 44 views

Debian Security Advisory DSA 3447-1 (tomcat7 - security update)

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. OpenVAS Vulnerability Test $Id: deb3447.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from...

CVSS 7.8, AI score 0.6, EPSS 0.78235
Exploits: 1, References: 1

ATTACKERKB
added 2015/10/28 10:59 a.m., 3 views

CVE-2015-7904

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file...

CVSS 6.5, AI score 6.1, EPSS 0.06486
Exploits: 1, References: 2

NVD
added 2015/09/04 1:59 a.m., 12 views

CVE-2015-6259

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

CVSS 9.4, AI score 6.8, EPSS 0.01714
Exploits: 0, References: 2

Prion
added 2015/09/04 1:59 a.m., 17 views

Code injection

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

CVSS 9.4, AI score 7.3, EPSS 0.01714
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2015/09/04 1:0 a.m., 60 views

CVE-2015-6259

CVE-2015-6259 affects Cisco Integrated Management Controller (IMC) Supervisor prior to 1.0.0.1 and Cisco UCS Director prior to 5.2.0.1. The JSP component enables remote attackers to overwrite arbitrary files via crafted HTTP requests, a vulnerability tracked as CSCus36435/CSCus62625. The issue is...

CVSS 9.4, AI score 7, EPSS 0.01714
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2015/09/04 1:0 a.m., 16 views

CVE-2015-6259

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

AI score 6.8, EPSS 0.01714
Exploits: 0, References: 2

ThreatPost
added 2015/09/03 1:40 p.m., 7 views

Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controlled Supervisor and UCS Director software. The...

AI score 1.9
Exploits: 0, References: 1

RedHat Linux
added 2015/08/04 5:15 p.m., 4 views

PortletBridge: information disclosure via auto-dispatching of non-JSF resources

It was found that PortletBridge PortletRequestDispatcher did not respect security constraints set by the servlet if a portlet request asked for rendering of a non-JSF resource such as JSP or HTML. A remote attacker could use this flaw to potentially bypass certain security constraints and gain...

CVSS 5.8, AI score 5.8, EPSS 0.00243
Exploits: 0, References: 4