Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2019/12/18 12:0 a.m.66 views

EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2675)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to...

7.5CVSS7.6AI score0.213EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2018/05/14 8:15 p.m.6 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
CNVD
CNVD
added 2018/02/24 12:0 a.m.3 views

Apache Tomcat Security Bypass Vulnerability (CNVD-2018-03661)

Tomcat is developed by the Apache Software Foundation under the Jakarta project a Servlet container , in accordance with the technical specifications provided by Sun Microsystems , the realization of the Servlet and JavaServer Page JSP support , and provides as a Web server some of the unique...

5.9CVSS6.8AI score0.17378EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/02/23 12:0 a.m.64 views

tomcat -- Security constraints ignored or applied too late

The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...

7.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/02/23 12:0 a.m.101 views

Apache Tomcat 7.0.0 < 7.0.85 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.85. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.85security-7 advisory. - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to...

6.5CVSS7.2AI score0.17378EPSS
Exploits2References7
Apache Tomcat
Apache Tomcat
added 2018/02/13 12:0 a.m.63 views

Fixed in Apache Tomcat 7.0.85

Important: Security constraint annotations applied too late CVE-2018-1305 Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was...

6.5CVSS6.8AI score0.17378EPSS
Exploits2Affected Software1
Apache Tomcat
Apache Tomcat
added 2018/02/11 12:0 a.m.64 views

Fixed in Apache Tomcat 9.0.5

Important: Security constraint annotations applied too late CVE-2018-1305 Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was...

6.5CVSS6.8AI score0.17378EPSS
Exploits2Affected Software1
OSV
OSV
added 2016/09/19 4:55 p.m.5 views

USN-3081-1 tomcat6, tomcat7, tomcat8 vulnerability

Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. CVE-2016-1240 This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnable...

7.8CVSS7.2AI score0.09783EPSS
Exploits8References3
Rows per page
Query Builder