124 matches found
EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1992)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....
The vulnerability of the WebSocket client component of the Apache Tomcat application server arises from errors in checking host names when using the Transport Layer Security (TLS) protocol. This vulnerability allows attackers to circumvent existing security restrictions.
The vulnerability of the WebSocket client component of the Apache Tomcat application server is related to errors in checking host names when using the Transport Layer Security TLS protocol. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotel...
CentOS 7 : tomcat (CESA-2019:2205)
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 7 : tomcat (RHSA-2019:2205)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2205 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incorrect handling ...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
RHEL 8 : pki-deps:10.6 (RHSA-2019:1529)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1529 advisory. The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2019:1529 Important: pki-deps:10.6 security update
The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up CVE-2018-8037 tomcat: Insecure...
RLSA-2019:1529 Important: pki-deps:10.6 security update
The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up...
Important: pki-deps:10.6 security update
The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up CVE-2018-8037 tomcat: Insecure...
pki-deps:10.6 security update
An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, stax-ex, xerces-j2,...
Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1463)
The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities: - An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denia...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.22 (RHSA-2019:1160)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1160 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.22 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Coda: Lack or Origin check leads to Cross-Site Websocket Hijacking (CSWSH)
Summary @fisher discovered a CSRF-related vulnerability in Coda docs by which an attacked could craft a convincing page that would make modifications to a specific document without the victim knowing. This is due to the inherent nature of Websockets not being secure by default. Although a...