Lucene search
K

89 matches found

OSV
OSV
added 2020/04/21 7:15 p.m.4 views

CVE-2020-10569

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...

9.8CVSS6.8AI score0.03176EPSS
Exploits3References2
Veracode
Veracode
added 2020/04/10 1:3 a.m.30 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that modproxyajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where...

4.3CVSS2.3AI score0.2238EPSS
Exploits3References45Affected Software1
RedHat Linux
RedHat Linux
added 2020/03/24 11:13 a.m.4 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

9.8CVSS7.2AI score0.04837EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2020/03/16 12:0 a.m.67 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1352)

The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...

9.8CVSS8.6AI score0.9927EPSS
Exploits45References7
RedHat Linux
RedHat Linux
added 2020/03/12 5:7 p.m.3 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

9.8CVSS7.2AI score0.04837EPSS
Exploits0References7
OSV
OSV
added 2020/03/10 7:4 p.m.29 views

MGASA-2020-0138 Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...

9.8CVSS8.2AI score0.9927EPSS
Exploits45References4
BDU FSTEC
BDU FSTEC
added 2020/03/10 12:0 a.m.5 views

Vulnerability of the Apache Jserv Protocol – the connection protocol of Apache Tomcat servers, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Jserv Protocol – the server for Apache Tomcat applications – is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.7AI score0.9927EPSS
Exploits45References13Affected Software14
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.66 views

Debian DLA-2133-1 : tomcat7 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References5
Debian
Debian
added 2020/03/04 6:14 p.m.92 views

[SECURITY] [DLA 2133-1] tomcat7 security update

Package : tomcat7 Version : 7.0.56-3+really7.0.100-1 CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was...

9.8CVSS9.2AI score0.9927EPSS
Exploits45
Veracode
Veracode
added 2019/05/02 4:53 a.m.64 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. It was discovered that modproxyajp, when used in configurations with modproxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP Apache JServ Protocol CPing request was responded to by...

5CVSS5.8AI score0.1747EPSS
Exploits1References51Affected Software35
OSV
OSV
added 2018/01/24 11:29 p.m.2 views

UBUNTU-CVE-2018-1048

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...

7.5CVSS7.2AI score0.0159EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.34 views

RedHat Update for httpd RHSA-2013:0512-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS6.7AI score0.6477EPSS
Exploits4References5
Nmap
Nmap
added 2012/05/07 6:49 p.m.362 views

ajp-methods NSE Script

Discovers which options are supported by the AJP Apache JServ Protocol server by sending an OPTIONS request and lists potentially risky methods. In this script, "potentially risky" methods are anything except GET, HEAD, POST, and OPTIONS. If the script reports potentially risky methods, they may...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
added 2012/05/07 6:49 p.m.146 views

ajp-headers NSE Script

Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol server and returns the server response headers. Script Arguments ajp-headers.path The path to request, such as /index.php. Default /. slaxml.debug See the documentation for the...

10CVSS0.4AI score0.99448EPSS
Exploits33
RedHat Linux
RedHat Linux
added 2011/12/05 5:39 p.m.6 views

tomcat: authentication bypass and information disclosure

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...

7.5CVSS6.1AI score0.15226EPSS
Exploits1References4
NVD
NVD
added 2011/10/05 2:56 a.m.13 views

CVE-2000-1247

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI...

2.1CVSS5.9AI score0.00582EPSS
Exploits1References4
Cvelist
Cvelist
added 2011/10/05 1:0 a.m.17 views

CVE-2000-1247

The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI...

5.9AI score0.00582EPSS
Exploits1References4
CVE
CVE
added 2011/10/05 1:0 a.m.47 views

CVE-2000-1247

The CVE affects Apache JServ 1.1.2, specifically the jserv-status handler in jserv.conf. Its default configuration includes an allow from 127.0.0.1 line, allowing local users to access the jserv/ URI and disclose JDBC passwords or other sensitive information. The available documents do not specif...

2.1CVSS6.1AI score0.00582EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.7 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.2AI score0.10053EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/11/30 3:16 p.m.7 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.2AI score0.10053EPSS
Exploits1References4
Rows per page
Query Builder