
13 matches found

IBM Security Bulletins
added 2025/06/16 5:32 a.m. | 3 views

Security Bulletin: Apache commons-dbcp vulnerability affects watsonx.data

Summary: Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by an error if a BasicDataSource is created with jmxName set. By using JMXBean, an attacker could exploit this vulnerability to expose/export the password...

6.3 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/10/04 10:31 a.m. | 9 views

Security Bulletin: There is a vulnerability in Apache commons-dbcp used by IBM Jazz Reporting Service

Summary: There is a vulnerability in Apache commons-dbcp used by IBM Jazz Reporting Service (JRS). This vulnerability is addressed in JRS by upgrading to a version of Apache commons-dbcp that resolves the issue. Vulnerability Details: IBM X-Force ID: 217222 DESCRIPTION: Apache commons-dbcp could allo...

6.4 AI score
Exploits: 0 | Affected Software: 1

NVD
added 2021/01/07 12:15 a.m. | 20 views

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS...

8.8 CVSS | 8.7 AI score | 0.61883 EPSS
Exploits: 2 | References: 11

Prion
added 2021/01/07 12:15 a.m. | 26 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS...

6.8 CVSS | 8.6 AI score | 0.61883 EPSS
Exploits: 2 | References: 11 | Affected Software: 41

RedhatCVE
added 2020/03/31 2:10 p.m. | 38 views

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8 CVSS | 2.1 AI score | 0.00426 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2017/02/22 12:0 a.m. | 48 views

openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3144-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 8.1 AI score | 0.93809 EPSS
Exploits: 11 | References: 4

OPENSUSE Linux
added 2016/12/14 1:28 a.m. | 75 views

Security update for tomcat (important)

This update for tomcat fixes the following issues: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029 Security fixes: - CVE-2016-0762: Realm Timing Attack bsc1007854 - CVE-2016-5018: Security Manager Bypass bsc1007855 - CVE-2016-6794:...

4.6 CVSS | 0.1 AI score | 0.93809 EPSS
Exploits: 11 | References: 9

OPENSUSE Linux
added 2016/12/14 1:14 a.m. | 65 views

Security update for tomcat (important)

This update for Tomcat provides the following fixes: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029 Security fixes: - CVE-2016-0762: Realm Timing Attack bsc1007854 - CVE-2016-5018: Security Manager Bypass bsc1007855 - CVE-2016-6794:...

4.6 CVSS | 8.3 AI score | 0.93809 EPSS
Exploits: 11 | References: 11

OpenVAS
added 2016/12/14 12:0 a.m. | 49 views

openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 6.3 AI score | 0.93809 EPSS
Exploits: 11 | References: 4

Tenable Nessus
added 2016/12/14 12:0 a.m. | 39 views

openSUSE Security Update : tomcat (openSUSE-2016-1456)

This update for tomcat fixes the following issues : Feature changes : The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029 Security fixes : - CVE-2016-0762: Realm Timing Attack bsc1007854 - CVE-2016-5018: Security Manager Bypass bsc1007855 - CVE-2016-6794:...

9.8 CVSS | 7 AI score | 0.93809 EPSS
Exploits: 11 | References: 18

OSV
added 2016/12/10 6:18 p.m. | 10 views

SUSE-SU-2016:3079-1 Security update for tomcat

This update for Tomcat provides the following fixes: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029 Security fixes: - CVE-2016-0762: Realm Timing Attack bsc1007854 - CVE-2016-5018: Security Manager Bypass bsc1007855 - CVE-2016-6794:...

9.8 CVSS | 7.6 AI score | 0.93809 EPSS
Exploits: 11 | References: 19

OSV
added 2016/12/10 6:18 p.m. | 14 views

SUSE-SU-2016:3081-1 Security update for tomcat

This update for tomcat fixes the following issues: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029 Security fixes: - CVE-2016-0762: Realm Timing Attack bsc1007854 - CVE-2016-5018: Security Manager Bypass bsc1007855 - CVE-2016-6794:...

9.8 CVSS | 7.6 AI score | 0.93809 EPSS
Exploits: 11 | References: 17

Tenable Nessus
added 2012/12/20 12:0 a.m. | 48 views

Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)

Updated to 7.0.33 - Resolves: rhbz 873620 need chkconfig for update-alternatives - Resolves: rhbz 883676,883691,883704,873707 fix several security issues - Resolves: rhbz 883806 refix logdir ownership - Resolves: rhbz 820119 Remove bundled apache-commons-dbcp Note that Tenable Network Security...

5 CVSS | 6 AI score | 0.2277 EPSS
Exploits: 5 | References: 13