50 matches found
EUVD-2014-5189
Malware in sbrugna...
EUVD-2022-5728
Malicious code in bioql PyPI...
BIT-TOMCAT-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.1, from 10.1.0 through 10.1.33, from 9.0.0 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
Fixed in Apache Tomcat 11.0.7
Low: CGI security constraint bypass CVE-2025-46701 When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
Fixed in Apache Tomcat 10.1.41
Low: CGI security constraint bypass CVE-2025-46701 When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
Linux Distros Unpatched Vulnerability : CVE-2021-39134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarante...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, caused by JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. CVE-2024-56337. Apache Tomcat is used by our...
Important: tomcat
Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...
tomcat: RCE due to TOCTOU issue in JSP compilation
A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...
FreeBSD : Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation (ed0a052a-c5e6-11ef-a457-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ed0a052a-c5e6-11ef-a457-b42e991fc52e advisory. [email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for...
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
The Apache Software Foundation ASF has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution RCE under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigati...
Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.97, 10.1.0-M1 to 10.1.33 or 11.0.0-M1 to 11.0.1. It is, therefore, affected by multiple vulnerabilities : - The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users...
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...
CVE-2024-56337
The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...
CVE-2024-56337
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
CVE-2024-56337
TOCTOU Race Condition in Apache Tomcat (CVE-2024-56337) affects 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97. The issue stems from TOCTOU vulnerability during JSP compilation/default servlet write on case-insensitive file systems. Incomplete mitigation previously for CVE-2024-50379; g...
CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation
[email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled readonly initialisation parameter set to the non-default value of false may...