9 matches found

F5 Networks
added 2023/02/21 7:2 p.m., 87 views

K58084500: Apache Tomcat 6.x vulnerabilities CVE-2016-0714

Security Advisory Description The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute...

CVSS 8.8, AI score 8.6, EPSS 0.13075
Exploits 0, Affected Software 17
F5 Networks
added 2023/02/21 5:32 p.m., 48 views

K30971148: Apache Tomcat 6.x vulnerability CVE-2015-5174

Security Advisory Description Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in...

CVSS 4.3, AI score 6.5, EPSS 0.12555
Exploits 0, Affected Software 17
Tenable Nessus
added 2018/03/06 12:0 a.m., 35 views

F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K18174924)

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

CVSS 4.3, AI score 6.8, EPSS 0.06232
Exploits 0, References 2
Tenable Nessus
added 2018/03/06 12:0 a.m., 64 views

F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K34341852)

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

CVSS 5.3, AI score 6.8, EPSS 0.1838
Exploits 0, References 2
Prion
added 2016/02/25 1:59 a.m., 24 views

Design/Logic Flaw

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

CVSS 5, AI score 6.9, EPSS 0.1838
Exploits 0, References 51, Affected Software 3
Prion
added 2016/02/25 1:59 a.m., 35 views

Directory traversal

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...

CVSS 4, AI score 6.5, EPSS 0.12555
Exploits 0, References 47, Affected Software 3
Cvelist
added 2016/02/25 1:0 a.m., 29 views

CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

AI score 6.3, EPSS 0.06232
Exploits 0, References 45
UbuntuCve
added 2016/02/24 12:0 a.m., 38 views

CVE-2015-5174

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...

CVSS 4.3, AI score 6.8, EPSS 0.12555
Exploits 0, References 3
Prion
added 2010/11/26 8:0 p.m., 14 views

Default configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

CVSS 6.4, AI score 6.9, EPSS 0.02136
Exploits 0, References 1, Affected Software 1