12 matches found
SuSE9 Security Update : Tomcat (YOU Patch Number 12078)
Fixed various issues in tomcat : - modjk directory traversal. CVE-2007-1860 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of a double-quote character in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - tomcat HTTP Request Smuggling...
Gentoo Security Advisory GLSA 200708-15 (mod_jk)
The remote host is missing updates announced in advisory GLSA 200708-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Moderate: Red Hat Security Advisory: Red Hat Network Satellite Server security update
Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal...
openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)
Fixed various issues in tomcat : - CVE-2006-7196: Cross-site scripting XSS vulnerability in example JSP applications - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of ' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860:...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)
Cross-site scripting XSS vulnerability in example JSP applications. CVE-2006-7196 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of ' in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - directory traversal. CVE-2007-1860 - tomcat https...
Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP -...
Important: Red Hat Security Advisory: mod_jk security update
Updated modjk packages that fix a security issue are now available for Red Hat Application Stack v1.1. This update has been rated as having Important security impact by the Red Hat Security Response Team. modjk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HT...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-1860
CVE-2007-1860 affects the Apache Tomcat JK Web Server Connector (mod_jk) in 1.2.x before 1.2.23. The flaw arises because mod_jk decodes request URLs within Apache before passing them to Tomcat, enabling directory traversal through crafted URLs (e.g., double-encoded .. sequences via a JkMount pref...