266 matches found
Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-764)
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. CVE-2016-6325 A...
Important: tomcat6, tomcat7, tomcat8
Issue Overview: It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
Updated tomcat packages fix security vulnerability
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...
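The following is an added illustration of the timing side channel described in the entry above; it is not code from Tomcat or from the advisory. Tomcat's Realms are Java, so this Python model only reproduces the logic: the flawed path returns immediately when the user name is unknown, while the fixed path always performs the expensive credential check against a fixed dummy hash and only then folds in the existence test. The user store, passwords, PBKDF2 parameters and the `hash_work` helper are all constructed for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000          # deliberately slow, so the work is measurable
HASH_CALLS = 0               # counts PBKDF2 computations (deterministic proxy for elapsed time)


def _hash(password: str, salt: bytes) -> bytes:
    """Expensive credential processing, analogous to a Realm verifying a stored digest."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_store(users: dict) -> dict:
    """Constructed sample user store: username -> (salt, derived key). Not real Tomcat data."""
    return {name: (salt := os.urandom(16), _hash(pw, salt)) for name, pw in users.items()}


USERS = make_store({"tomcat": "s3cret", "manager": "letmein"})

# Fixed dummy credential used so the unknown-user path does the same amount of work.
DUMMY_SALT = b"\x00" * 16
DUMMY_HASH = _hash("dummy-password", DUMMY_SALT)


def authenticate_vulnerable(store: dict, username: str, password: str) -> bool:
    """Mirrors the flaw: no password processing at all when the user does not exist."""
    entry = store.get(username)
    if entry is None:
        return False            # fast path -> an attacker can tell unknown from known names
    salt, expected = entry
    return hmac.compare_digest(_hash(password, salt), expected)


def authenticate_fixed(store: dict, username: str, password: str) -> bool:
    """Always hash, using a dummy credential for unknown users, then reject them anyway."""
    entry = store.get(username)
    salt, expected = entry if entry is not None else (DUMMY_SALT, DUMMY_HASH)
    matched = hmac.compare_digest(_hash(password, salt), expected)
    return matched and entry is not None


def hash_work(fn, store: dict, username: str, password: str):
    """Return (result, number of PBKDF2 computations) for one authentication attempt."""
    global HASH_CALLS
    before = HASH_CALLS
    result = fn(store, username, password)
    return result, HASH_CALLS - before


def best_of(fn, *args, rounds: int = 3) -> float:
    """Minimum wall-clock time over a few rounds; used only for the demonstration below."""
    best = float("inf")
    for _ in range(rounds):
        t0 = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - t0)
    return best


if __name__ == "__main__":
    for label, fn in (("vulnerable", authenticate_vulnerable), ("fixed", authenticate_fixed)):
        known = best_of(fn, USERS, "tomcat", "wrong-password")
        unknown = best_of(fn, USERS, "nobody", "wrong-password")
        print(f"{label:10s} known user: {known*1000:7.1f} ms   unknown user: {unknown*1000:7.1f} ms")
```

Running the demonstration shows the vulnerable function answering in microseconds for an unknown name and in tens of milliseconds for a known one, while the fixed function takes the same time for both. The counter-based `hash_work` helper exposes the same difference without depending on wall-clock noise. Note that this only closes the timing channel on the Realm itself; as the advisory text says, Tomcat's default LockOutRealm further limits how many guesses an attacker gets.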
Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 Multiple Vulnerabilities
Apache Tomcat 8.5.0 < 8.5.5 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the "Fixed in Apache Tomcat 8.5.5 and 8.0.37" advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...
CVE-2016-6794
It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible...
CVE-2016-6796
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...
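As an added example for the normalization issue above (not code from Tomcat; RequestUtil.java is Java and is not reproduced here), the function below normalizes a web-application resource path the way a hardened resource lookup should: it collapses `.` and duplicate separators, resolves `..` segments, and rejects any path whose `..` segments would climb above the application root instead of quietly returning a parent directory. The path strings used as inputs are constructed for the example.

```python
from typing import Optional


def normalize_resource_path(path: str) -> Optional[str]:
    """Normalize a context-relative resource path.

    Returns the canonical form starting with "/", or None if the path is
    unusable or would escape the application root via ".." segments.
    A caller such as a getResource-style lookup should treat None as "not found".
    """
    if not path or "\0" in path:
        return None                     # empty or NUL-containing names are never valid
    if not path.startswith("/"):
        path = "/" + path               # resources are always resolved from the context root

    segments = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue                    # collapses "//" and "/./"
        if segment == "..":
            if not segments:
                return None             # attempted traversal above the root: reject, do not clamp
            segments.pop()
            continue
        segments.append(segment)

    normalized = "/" + "/".join(segments)
    if path.endswith("/") and normalized != "/":
        normalized += "/"               # preserve an explicit directory request
    return normalized


def is_safe_resource_path(path: str) -> bool:
    """Convenience check for callers that only need a yes/no answer."""
    return normalize_resource_path(path) is not None


if __name__ == "__main__":
    for p in ("/WEB-INF/../index.jsp", "/..", "/a/../../b", "/a/./b//c/", "images/logo.png"):
        print(f"{p!r:28} -> {normalize_resource_path(p)!r}")
```

The important design choice is in the handling of `..` at the root: clamping it to `/` (as a naive normalizer does) still hands the caller a listing of the parent of the requested path, whereas returning None lets the lookup fail closed.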
Important: Red Hat Security Advisory: tomcat6 security and bug fix update
An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Fixed in Apache Tomcat 8.5.5 and 8.0.37
Low: Unrestricted Access to Global Resources CVE-2016-6797 The ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether...
Debian: Security Advisory (DSA-3609-1)
The remote host is missing an update for the Debian tomcat8 package announced via DSA-3609-1...
Debian Security Advisory DSA 3609-1 (tomcat8 - security update)
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service...
Debian DSA-3609-1 : tomcat8 - security update
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service...
[SECURITY] [DSA 3609-1] tomcat8 security update
Debian Security Advisory DSA-3609-1, security@debian.org, https://www.debian.org/security/ - Moritz Muehlenhoff, June 29, 2016, https://www.debian.org/security/faq...
DSA-3609-1 tomcat8 - security update
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 update
Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
Debian DSA-3552-1 : tomcat7 - security update
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager...
[SECURITY] [DSA 3552-1] tomcat7 security update
Debian Security Advisory DSA-3552-1, security@debian.org, https://www.debian.org/security/ - Moritz Muehlenhoff, April 17, 2016, https://www.debian.org/security/faq...