8 matches found
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2675)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to...
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...
Apache Tomcat Security Bypass Vulnerability (CNVD-2018-03661)
Tomcat is developed by the Apache Software Foundation under the Jakarta project a Servlet container , in accordance with the technical specifications provided by Sun Microsystems , the realization of the Servlet and JavaServer Page JSP support , and provides as a Web server some of the unique...
tomcat -- Security constraints ignored or applied too late
The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...
Apache Tomcat 7.0.0 < 7.0.85 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.85. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.85security-7 advisory. - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to...
Fixed in Apache Tomcat 7.0.85
Important: Security constraint annotations applied too late CVE-2018-1305 Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was...
Fixed in Apache Tomcat 9.0.5
Important: Security constraint annotations applied too late CVE-2018-1305 Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was...
USN-3081-1 tomcat6, tomcat7, tomcat8 vulnerability
Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. CVE-2016-1240 This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnable...