GHSA-3MJP-P938-4329 Apache Tomcat vulnerable to SecurityManager bypass

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

Apache Tomcat vulnerable to SecurityManager bypass

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

System Property Disclosure in Apache Tomcat

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for...

IBM Java 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.50 / 7.1 7.1.4.50 / 8.0 8.0.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update July 2019 advisory. - Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on...

Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities - Linux

Apache Tomcat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if descriptio...

CVE-2019-11772

In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int, byte, int method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Ja...

Default configuration

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create...

Fixed in Apache Tomcat 7.0.104

High: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...

Fixed in Apache Tomcat 9.0.35

Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...

Fixed in Apache Tomcat 8.5.55

Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...

Fixed in Apache Tomcat 10.0.0-M5

Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1191)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cisco Data Center Network Manager SecurityManager Hard-coded Cryptographic Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validation of SSO tokens of SOAP packets. The issue results from th...

tika: Incomplete fix allows for XML entity expansion resulting in denial of service

In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after...

Arbitrary Code Execution

ibm java jdk is vulnerable to arbitrary code execution. Out-of-bounds access in the String.getBytes method allows an attacker to write arbitrary data to any 32-bit address or beyond the end of byte array within Java code run under a SecurityManager, resulting in code execution...

CVE-2019-11772

In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int, byte, int method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Ja...

CVE-2019-11772

In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int, byte, int method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Ja...

Out-of-bounds

In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int, byte, int method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Ja...

CVE-2019-11772

In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int, byte, int method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Ja...

SecurityManager Bypass

Apache Tomcat Jasper 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 allows the bypass a SecurityManager protection mechanism by using a web application that uses the incorrect privileges during an EL evaluation. This is caused because it does not take into account the possibility of ...