30 matches found
EUVD-2014-5189
Malware in sbrugna...
EUVD-2022-5728
Malicious code in bioql PyPI...
BIT-TOMCAT-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.1, from 10.1.0 through 10.1.33, from 9.0.0 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0...
Fixed in Apache Tomcat 11.0.7
Low: CGI security constraint bypass CVE-2025-46701 When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
Fixed in Apache Tomcat 10.1.41
Low: CGI security constraint bypass CVE-2025-46701 When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
Important: tomcat
Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...
tomcat: RCE due to TOCTOU issue in JSP compilation
A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...
FreeBSD : Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation (ed0a052a-c5e6-11ef-a457-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ed0a052a-c5e6-11ef-a457-b42e991fc52e advisory. [email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for...
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
The Apache Software Foundation ASF has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution RCE under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigati...
Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.97, 10.1.0-M1 to 10.1.33 or 11.0.0-M1 to 11.0.1. It is, therefore, affected by multiple vulnerabilities : - The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users...
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...
CVE-2024-56337
The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...
CVE-2024-56337
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
CVE-2024-56337
TOCTOU Race Condition in Apache Tomcat (CVE-2024-56337) affects 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97. The issue stems from TOCTOU vulnerability during JSP compilation/default servlet write on case-insensitive file systems. Incomplete mitigation previously for CVE-2024-50379; g...
CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation
[email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled readonly initialisation parameter set to the non-default value of false may...
Apache Tomcat 9.0.0.M1 < 9.0.98 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.98. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.98security-9 advisory. - Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat...
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitiv...
Git LFS Clone Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Git LFS Clone Command Exec', 'Description' = %q Git clients that support delay-capable clean / smudge filters and symbolic links on...