9 matches found
K31573032: Tomcat vulnerability CVE-2020-13943
Security Advisory Description If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made...
Apache Tomcat 10.0.0-M5 < 10.0.16 Local Privilege Escalation
The version of Apache Tomcat installed on the remote host is 8.5.55 to 8.5.73, 9.0.35 to 9.0.56, 10.0.0-M5 to 10.0.14 or 10.1.0-M1 to 10.1.0-M8. It is, therefore, affected by a local privilege escalation vulnerability due to a time of check, time of use vulnerability. Note that the scanner has no...
F5 Networks BIG-IP : Apache Tomcat vulnerability (K32469285)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K32469285 advisory. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP...
Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError
h3. Issue Summary Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError Base Score: 7.5 HIGH bq. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once th...
JFrog < 7.7.0 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.7.0. It is, therefore, affected by multiple vulnerabilities: - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did no...
Apache Tomcat 10.0.0-M1 < 10.0.2 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.1, 9.0.0.M1 to 9.0.42, 8.5.0 to 8.5.62 or 7.0.0 to 7.0.107. It is, therefore, affected by a remote code execution due to an incomplete fix for CVE-2020-9484 and an information diclosure due to request mix-up with h2c...
Amazon Linux AMI : tomcat8 (ALAS-2020-1473) (deprecated)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1473 advisory. - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and...
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...