455 matches found
[SECURITY] Fedora 25 Update: tomcat-8.0.47-1.fc25
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Tomcat Patches Important Remote Code Execution Flaw
The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and...
Apache OpenNLP XXE Vulnerability
Exploit for multiple platforms in category remote exploits. CVE-2017-12620 - Apache OpenNLP XXE vulnerability. Severity: Medium. Vendor: The Apache Software Foundation. Versions Affected: OpenNLP 1.5.0 to 1.5.3, OpenNLP 1.6.0, OpenNLP 1.7.0 to 1.7.2, OpenNLP 1.8.0 to 1.8.1. Description: When loading model...
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server. US-CERT encourages users and administrators to review the Apache...
[SECURITY] Fedora 26 Update: tomcat-8.0.46-1.fc26
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. T...
Apache Struts 2 remote command execution vulnerability (S2-048)
Vulnerability overview: Struts is an open source project sponsored by the Apache Software Foundation (ASF). Built on Java Servlet/JSP technology, it is an application framework that implements the MVC design pattern for Java EE web applications, and is a classic product of that classic design pattern. But in...
[SECURITY] Fedora 25 Update: tomcat-8.0.44-1.fc25
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Cordova Android 5.2.2 Information Leak Vulnerability
Apache Cordova Android versions 5.2.2 and below suffer from an internal system information leak. CVE-2016-6799: Internal system information leak. Severity: High. Vendor: The Apache Software Foundation. Versions Affected: Cordova Android 5.2.2 and below. Description: The application calls methods of t...
[SECURITY] Fedora 26 Update: tomcat-8.0.43-1.fc26
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 24 Update: tomcat-8.0.43-1.fc24
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Hadoop DataNode Missed Validation Vulnerability
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated. Apache Hadoop versions 2.6.x and earlier are affected. CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability. Severity: Important. Vendor: The...
Apache XML Graphics FOP 2.1 Information Disclosure Vulnerability
Exploit for multiple platforms in category remote exploits. CVE-2017-5661: Apache XML Graphics FOP information disclosure vulnerability. Severity: Medium. Vendor: The Apache Software Foundation. Versions Affected: FOP 1.0 - 2.1. Description: Files lying on the filesystem of the server which uses batik...
Apache FOP XML External Entity Injection Vulnerability
Apache FOP (Formatting Object Processor) is a print formatter from the U.S. Apache Software Foundation that is driven by XSL Formatting Objects (XSL-FO) and is output-independent. It can read the Formatting Object (FO) tree and render the resulting page to the specified output...
Apache Software Foundation Releases Security Updates
The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.3...
Apache NiFi 1.0.0 / 1.1.0 Cross Site Scripting Vulnerability
Exploit for multiple platforms in category web applications. CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue. Severity: Moderate. Vendor: The Apache Software Foundation. Versions Affected: Apache NiFi 1.0.0, Apache NiFi 1.1.0. Description: There is a cross-site scripting...
tomcat -- information disclosure vulnerability
The Apache Software Foundation reports: Important: Information Disclosure CVE-2016-8745...
Apache httpd -- several vulnerabilities
Apache Software Foundation reports: Please reference CVE/URL list for details...
[SECURITY] Fedora 25 Update: tomcat-8.0.39-1.fc25
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
FreeBSD : subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s) (ac256985-b6a9-11e6-a3bf-206a8a720317)
The Apache Software Foundation reports: The mod_dontdothat module of subversion and subversion clients using https:// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of...