Lucene search
K

5 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.4 views

SUSE CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality...

4.4CVSS7AI score0.00641EPSS
Exploits1References3
Veracode
Veracode
added 2019/03/25 8:40 a.m.33 views

Restriction Bypass

JULI logging component is vulnerable to restriction bypass vulnerability.It uses the default security policy which does not restrict this configuration and allows an untrusted web application to add files or overwrite existing files where the Tomcat process has the necessary file permissions to d...

6.4CVSS4.8AI score0.05156EPSS
Exploits1References53Affected Software16
OSV
OSV
added 2014/02/26 2:55 p.m.2 views

UBUNTU-CVE-2013-4590

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or .tld XML document containing an external entity declaration ...

4.3CVSS6.6AI score0.09487EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2012/05/21 4:42 p.m.7 views

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS6.1AI score0.00699EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/01/31 10:57 p.m.8 views

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS6.1AI score0.00699EPSS
Exploits1References4
Rows per page
Query Builder