101 matches found
Apache Tomcat 7.0.79 < 7.0.84 Insecure CGI Servlet Search Algorithm Description Weakness
The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.84. It is, therefore, affected by a flaw that is due to the program containing an incorrect description for the CGI Servlet search algorithm, which may cause an administrator to leave the system in an insecure state...
Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15706)
Summary Apache Tomcat CGI Servlet vulnerability Vulnerability Details CVEID: CVE-2017-15706 DESCRIPTION: Apache Tomcat could provide weaker than expected security, caused by the incorrect documentation of the CGI search algorithm used by the CGI Servlet to identify which script to execute. The...
Ubuntu: Security Advisory (USN-3665-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-3665-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3665-1 advisory. It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue...
USN-3665-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-12616,...
openSUSE Security Update : tomcat (openSUSE-2018-325)
This update for tomcat fixes the following issues : Security issues fixed : - CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users bsc1082481. - CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints...
Amazon Linux AMI : tomcat80 (ALAS-2018-973)
Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration : As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not...
Medium: tomcat80
Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...
Updated tomcat packages fix security vulnerabilities
In Tomcat 8.0.45, the description of the search algorithm used by the CGI Servlet to identify which script to execute was updated. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the...
MGASA-2018-0149 Updated tomcat packages fix security vulnerabilities
In Tomcat 8.0.45, the description of the search algorithm used by the CGI Servlet to identify which script to execute was updated. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the...
Amazon Linux AMI : tomcat8 (ALAS-2018-959)
Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correc...
Low: tomcat8
Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The updat...
Apache Tomcat 9.0.0.M22 < 9.0.2
The version of Tomcat installed on the remote host is prior to 9.0.2. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.2security-9 advisory. - As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.4...
Apache Tomcat 8.5.16 < 8.5.24
The version of Tomcat installed on the remote host is prior to 8.5.24. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.24security-8 advisory. - As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23,...
Apache Tomcat 8.0.45 < 8.0.48
The version of Tomcat installed on the remote host is prior to 8.0.48. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.48security-8 advisory. - As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23,...
Apache Tomcat 7.0.79 < 7.0.84
The version of Tomcat installed on the remote host is prior to 7.0.84. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.84security-7 advisory. - As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23,...
Amazon Linux AMI : tomcat7 (ALAS-2018-947)
Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration : As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not...
Low: tomcat7
Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...
Design/Logic Flaw
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...
CVE-2017-15706
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...