Tenable Nessus, added 2019/09/24 12:00 a.m., 68 views

EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1992)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....

CVSS 7.5 | AI score 7.6 | EPSS 0.213
Exploits 2 | References 4
BDU FSTEC, added 2019/09/05 12:00 a.m., 4 views

The vulnerability of the WebSocket client component of the Apache Tomcat application server arises from errors in checking host names when using the Transport Layer Security (TLS) protocol. This vulnerability allows attackers to circumvent existing security restrictions.

The vulnerability of the WebSocket client component of the Apache Tomcat application server is related to errors in checking host names when using the Transport Layer Security TLS protocol. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotel...

CVSS 7.8 | AI score 7.7 | EPSS 0.213
Exploits 0 | References 18 | Affected software 13
Tenable Nessus, added 2019/08/30 12:00 a.m., 86 views

CentOS 7 : tomcat (CESA-2019:2205)

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 7.6 | EPSS 0.21979
Exploits 2 | References 5
Tenable Nessus, added 2019/08/12 12:00 a.m., 75 views

RHEL 7 : tomcat (RHSA-2019:2205)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2205 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incorrect handling ...

CVSS 9.8 | AI score 7.8 | EPSS 0.21979
Exploits 2 | References 14
RedHat Linux, added 2019/08/06 1:01 p.m., 3 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits 0 | References 4
Tenable Nessus, added 2019/06/19 12:00 a.m., 53 views

RHEL 8 : pki-deps:10.6 (RHSA-2019:1529)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1529 advisory. The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat...

CVSS 9.8 | AI score 7.7 | EPSS 0.94494
Exploits 3 | References 10
RedHat Linux, added 2019/06/18 5:22 p.m., 3 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits 0 | References 4
RedHat Linux, added 2019/06/18 5:22 p.m., 76 views

Important: Red Hat Security Advisory: pki-deps:10.6 security update

An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 7 | EPSS 0.94494
Exploits 3 | References 5
OSV, added 2019/06/18 4:36 p.m., 50 views

ALSA-2019:1529 Important: pki-deps:10.6 security update

The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up CVE-2018-8037 tomcat: Insecure...

CVSS 9.8 | AI score 7.2 | EPSS 0.94494
Exploits 3 | References 5
OSV, added 2019/06/18 4:36 p.m., 44 views

RLSA-2019:1529 Important: pki-deps:10.6 security update

The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up...

CVSS 9.1 | AI score 7.2 | EPSS 0.94494
Exploits 3 | References 5
AlmaLinux, added 2019/06/18 4:36 p.m., 70 views

Important: pki-deps:10.6 security update

The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up CVE-2018-8037 tomcat: Insecure...

CVSS 9.8 | AI score 7 | EPSS 0.94494
Exploits 3 | References 5
Rockylinux, added 2019/06/18 4:36 p.m., 51 views

pki-deps:10.6 security update

An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, stax-ex, xerces-j2,...

CVSS 9.8 | AI score 0.4 | EPSS 0.94494
Exploits 3
Tenable Nessus, added 2019/05/30 12:00 a.m., 41 views

Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1463)

The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities: - An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denia...

CVSS 7.5 | AI score 7.7 | EPSS 0.213
Exploits 0 | References 5
Tenable Nessus, added 2019/05/14 12:00 a.m., 53 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.22 (RHSA-2019:1160)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1160 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

CVSS 7.5 | AI score 7.8 | EPSS 0.213
Exploits 1 | References 17
RedHat Linux, added 2019/05/13 5:24 p.m., 5 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits 0 | References 4
RedHat Linux, added 2019/05/13 5:06 p.m., 2 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits 0 | References 4
RedHat Linux, added 2019/05/13 5:06 p.m., 2 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits 0 | References 4
RedHat Linux, added 2019/05/13 5:04 p.m., 2 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.213
Exploits 0 | References 4
RedHat Linux, added 2019/05/13 5:04 p.m., 139 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.22 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

CVSS 7.5 | AI score 7.1 | EPSS 0.213
Exploits 1 | References 12
Hacker One, added 2019/04/11 9:12 a.m., 119 views

Coda: Lack of Origin check leads to Cross-Site WebSocket Hijacking (CSWSH)

Summary: @fisher discovered a CSRF-related vulnerability in Coda docs by which an attacker could craft a convincing page that would make modifications to a specific document without the victim knowing. This is due to the inherent nature of WebSockets not being secure by default. Although a...

AI score 0.3
Exploits 0