CVE-2020-1745

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVE-2020-1938

CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...

Vulnerability fixed in Apache Tomcat

A malicious party can exploit the vulnerability to obtain information from the system. The vulnerability was caused because the AJP protocol was incorrectly was implemented incorrectly. A malicious party could possibly read files a malicious request to read files from the webroot directory. The A...

CentOS 7 : tomcat (CESA-2019:2205)

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

[SECURITY] Fedora 29 Update: tomcat-9.0.21-1.fc29

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Fedora Update for tomcat FEDORA-2019-1a3f878d27

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

VulnCheck KEV: CVE-2017-12617

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

CentOS 7 : tomcat (CESA-2019:0485)

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

OFCMS backend ueditor uploadImage file upload vulnerability

OFCMS is a content management system based on Java technology. A backend ueditor uploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account the file.jsp::$DATA of the...

CentOS 7 : tomcat (CESA-2018:2921)

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associat...

[SECURITY] Fedora 28 Update: tomcat-8.5.32-1.fc28

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Security Bulletin: Unauthorized disclosure of system information in IBM Business Process Manager (BPM) 8.5.x (CVE-2014-3076)

Summary System information is provided on an unprotected diagnostic page. Vulnerability Details CVEID: CVE-2014-3076 DESCRIPTION: IBM Business Process Manager 8.5 contains an unprotected JavaServer™ Pages JSP file that returns system information to unauthenticated users. An attacker might use thi...

b3log Symphony Arbitrary File Upload Vulnerability

b3log Symphony aka Sym is an open source set of modern community platforms written in the Java language, including forums, BBS, SNS and blogs. A security vulnerability exists in b3log Symphony version 2.6.0. A remote attacker can exploit this vulnerability by sending the 'name' parameter to the...

CVE-2017-7429

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server...

[SECURITY] Fedora 26 Update: tomcat-8.0.49-1.fc26

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 27 Update: tomcat-8.0.49-1.fc27

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

tomcat: Remote Code Execution bypass for CVE-2017-12615

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

CVE-2017-17108

Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server...