124 matches found

Tenable Nessus
added 2019/03/27 12:0 a.m. | 60 views

openSUSE Security Update : tomcat (openSUSE-2019-770)

This update for tomcat to version 9.0.10 fixes the following issues: Security issues fixed: - CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with supplementary characters could have led to an infinite loop in the decoder causing a Denial of Service bsc1102400. -...

CVSS 9.8 | AI score 7.8 | EPSS 0.21979
Exploits: 0 | References: 10
RedHat Linux
added 2019/03/04 5:36 p.m. | 3 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits: 0 | References: 4
RedHat Linux
added 2019/03/04 5:35 p.m. | 2 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits: 0 | References: 4
RedHat Linux
added 2019/01/22 1:42 p.m. | 5 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits: 0 | References: 4
RedHat Linux
added 2019/01/22 1:36 p.m. | 7 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits: 0 | References: 4
OpenVAS
added 2018/10/26 12:0 a.m. | 52 views

openSUSE: Security Advisory for tomcat (openSUSE-SU-2018:3054-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 7.6 | EPSS 0.21979
Exploits: 0 | References: 2
OPENSUSE Linux
added 2018/10/06 6:10 p.m. | 196 views

Security update for tomcat (moderate)

This update for tomcat to version 9.0.10 fixes the following issues: Security issues fixed: - CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with supplementary characters could have led to an infinite loop in the decoder causing a Denial of Service bsc1102400. - CVE-2018-801...

CVSS 7.5 | AI score 0.6 | EPSS 0.21979
Exploits: 0 | References: 5
Tenable Nessus
added 2018/09/04 12:0 a.m. | 50 views

Debian DLA-1491-1 : tomcat8 security update

Two security issues have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1336 An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. CVE-2018-8034 The host name verification when...

CVSS 7.5 | AI score 7.8 | EPSS 0.213
Exploits: 0 | References: 4
Amazon
added 2018/08/09 12:0 a.m. | 556 views

Important: tomcat7, tomcat80

Issue Overview: The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default...

CVSS 9.8 | AI score 8.8 | EPSS 0.21979
Exploits: 0
OpenVAS
added 2018/08/03 12:0 a.m. | 53 views

Apache Tomcat 'Hostname Verification' Security Bypass Vulnerability - Linux

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVSS 7.5 | AI score 8.8 | EPSS 0.213
Exploits: 0 | References: 5
OSV
added 2018/08/01 6:29 p.m. | 45 views

CVE-2018-8034

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 41
Tenable Nessus
added 2018/07/26 12:0 a.m. | 57 views

Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerabilities (USN-3723-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3723-1 advisory. It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause...

CVSS 7.5 | AI score 7.8 | EPSS 0.213
Exploits: 0 | References: 3
UbuntuCve
added 2018/07/24 12:0 a.m. | 47 views

CVE-2018-8034

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7 | EPSS 0.213
Exploits: 0 | References: 2
Tenable Nessus
added 2018/07/13 12:0 a.m. | 829 views

Apache Tomcat 8.5.5 < 8.5.32 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.32. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.32security-8 advisory. - If an async request was completed by the application at the same time as the container triggered the...

CVSS 9.8 | AI score 7.8 | EPSS 0.21979
Exploits: 0 | References: 10
Apache Tomcat
added 2018/07/07 12:0 a.m. | 112 views

Fixed in Apache Tomcat 7.0.90

Low: host name verification missing in WebSocket client CVE-2018-8034 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. This was fixed in revision 1833760. This issue was reported publicly on 11 June 2018 and formally announced as a...

CVSS 7.5 | AI score 7.6 | EPSS 0.213
Exploits: 0 | Affected Software: 1
Apache Tomcat
added 2018/07/06 12:0 a.m. | 169 views

Fixed in Apache Tomcat 8.0.53

Low: host name verification missing in WebSocket client CVE-2018-8034 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. This was fixed in revision 1833759. This issue was reported publicly on 11 June 2018 and formally announced as a...

CVSS 9.8 | AI score 8.8 | EPSS 0.21979
Exploits: 0 | Affected Software: 1
Apache Tomcat
added 2018/06/26 12:0 a.m. | 108 views

Fixed in Apache Tomcat 8.5.32

Important: Information Disclosure CVE-2018-8037 If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present...

CVSS 9.8 | AI score 7 | EPSS 0.21979
Exploits: 0 | Affected Software: 1
exploitpack
added 2018/05/16 12:0 a.m. | 18 views

Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution

Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...

CVSS 9 | AI score 0.4 | EPSS 0.10889
Exploits: 5
0day.today
added 2018/05/16 12:0 a.m. | 53 views

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Exploit

Exploit for hardware platform in category remote exploits ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...

AI score 0.3 | EPSS 0.10889
Exploits: 5
Packet Storm
added 2018/05/16 12:0 a.m. | 31 views

Inteno IOPSYS 2.0 - 4.2.0 p910nd Remote Command Execution

''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a...

AI score 0.5 | EPSS 0.10889
Exploits: 5