Lucene search
+L

7209 matches found

d2
d2
added 2007/03/04 10:19 p.m.59 views

DSquare Exploit Pack: D2SEC_MOD_JK

Name| d2secmodjk ---|--- CVE| CVE-2007-0774 Exploit Pack| D2ExploitPack Description| Apache Tomcat JK Web Server Connector Stack Overflow Vulnerability Notes|...

7.5CVSS3AI score0.81513EPSS
Exploits8
NVD
NVD
added 2007/03/04 10:19 p.m.21 views

CVE-2007-0774

Stack-based buffer overflow in the mapuritoworker function native/common/jkuriworkermap.c in modjk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.5CVSS7.9AI score0.81513EPSS
Exploits8References25
OSV
OSV
added 2007/03/04 10:19 p.m.12 views

CVE-2007-0774

Stack-based buffer overflow in the mapuritoworker function native/common/jkuriworkermap.c in modjk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.8AI score
Exploits0References25
Prion
Prion
added 2007/03/04 10:19 p.m.20 views

Stack overflow

Stack-based buffer overflow in the mapuritoworker function native/common/jkuriworkermap.c in modjk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.5CVSS8.2AI score0.81513EPSS
Exploits8References25Affected Software1
Cvelist
Cvelist
added 2007/03/04 10:0 p.m.34 views

CVE-2007-0774

Stack-based buffer overflow in the mapuritoworker function native/common/jkuriworkermap.c in modjk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.8AI score0.81513EPSS
Exploits8References25
Debian CVE
Debian CVE
added 2007/03/04 10:0 p.m.48 views

CVE-2007-0774

Stack-based buffer overflow in the mapuritoworker function native/common/jkuriworkermap.c in modjk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.5CVSS7.7AI score0.81513EPSS
Exploits8
CVE
CVE
added 2007/03/04 10:0 p.m.182 views

CVE-2007-0774

CVE-2007-0774 describes a stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) of Apache Tomcat JK Web Server Connector’s mod_jk.so, affecting mod_jk versions 1.2.19 and 1.2.20 as used with Tomcat 4.1.34 and 5.5.20. The overflow is triggered by a long ...

7.5CVSS7.7AI score0.81513EPSS
Exploits8References25Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2007/03/02 12:0 a.m.96 views

Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler for the modjk.so library, mapuritoworker, defined in...

7.5CVSS4.6AI score0.81513EPSS
Exploits8References1
Apache Tomcat
Apache Tomcat
added 2007/02/28 12:0 a.m.60 views

Fixed in Apache Tomcat 6.0.10

Important: Directory traversal CVE-2007-0450 Tomcat permits '', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy including, but not limited to, Apache HTTP server with modproxy and modjk configured to only proxy some contexts, a HTTP request containing strings like "/\../"...

5CVSS6AI score0.90768EPSS
Exploits2Affected Software1
Apache Tomcat
Apache Tomcat
added 2007/02/08 12:0 a.m.63 views

Fixed in Apache Tomcat 6.0.9

Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...

5CVSS7.7AI score0.19622EPSS
Exploits0Affected Software1
exploitpack
exploitpack
added 2007/01/05 12:0 a.m.13 views

Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload

Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload source: https://www.securityfocus.com/bid/27487/info Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the...

0.3AI score
Exploits0
Apache Tomcat
Apache Tomcat
added 2006/12/18 12:0 a.m.49 views

Fixed in Apache Tomcat 6.0.6

Low: Cross-site scripting CVE-2007-1358 Web pages that display the Accept-Language header value sent by the client are susceptible to a cross-site scripting attack if they assume the Accept-Language header value conforms to RFC 2616. Under normal circumstances this would not be possible to exploi...

2.6CVSS8.6AI score0.19889EPSS
Exploits1Affected Software1
NVD
NVD
added 2006/07/25 1:22 p.m.32 views

CVE-2006-3835

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon ; preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do...

5CVSS6.4AI score0.45579EPSS
Exploits8References30
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.38 views

CVE-2006-3835

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon ; preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do...

7.3AI score0.45579EPSS
Exploits8References30
CVE
CVE
added 2006/07/25 12:0 a.m.133 views

CVE-2006-3835

CVE-2006-3835 affects Apache Tomcat 5 before 5.5.17. The vulnerability allows remote attackers to list directories by using a semicolon before a filename with a mapped extension, as shown by URLs like /;index.jsp or /;help.do. The initial description confirms the condition; related advisories (GH...

5CVSS7.3AI score0.45579EPSS
Exploits8References30Affected Software1
seebug.org
seebug.org
added 2006/07/23 12:0 a.m.25 views

Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability

No description provided by source. ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x 5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed Credit: ScanAlert.s Enterprise Services Team. Overview:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/07/23 12:0 a.m.11 views

Apache Tomcat 5.5.17 - Remote Directory Listing

Apache Tomcat 5.5.17 - Remote Directory Listing ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x 5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed Credit: ScanAlert.s Enterprise Services Team...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/07/23 12:0 a.m.42 views

Apache Tomcat < 5.5.17 - Remote Directory Listing

ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x 5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed Credit: ScanAlert.s Enterprise Services Team. Overview: Apache Tomcat is the servlet contain...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/07/21 12:0 a.m.11 views

Apache Tomcat 5 - Information Disclosure

Apache Tomcat 5 - Information Disclosure source: https://www.securityfocus.com/bid/19106/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to reveal a complete directory listing from...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2006/07/21 12:0 a.m.47 views

Apache Tomcat 5 - Information Disclosure

source: https://www.securityfocus.com/bid/19106/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may...

7AI score
Exploits0
Rows per page
Query Builder