36 matches found
GHSA-CWW4-VJ5R-RX57 Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
Apache Tomcat < 6.0.14 Multiple Vulnerabilities
According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.14. It is, therefore, affected by the following vulnerabilities: - Cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input before...
Session Hijacking
tomcat-util is vulnerable to session hijacking attacks. The vulnerability exists due to tomcat-util incorrectly treating single quotes as delimiters in cookies, allowing sensitive information such as session ID to be leaked. This issue is also CVE-2007-3385...
Session Hijacking
Apache Tomcat is vulnerable to session hijacking. Sensitive information such as the session ID can be leaked to remote attackers due to improper handling of double quote (") characters and encoded backslash (%5C) in the cookie value. This vulnerability exists due to an incomplete fix for CVE-2007-33...
Oracle: Security Advisory (ELSA-2007-0871)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Oracle Linux 5 : Moderate: / tomcat (ELSA-2007-0871)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0871 advisory. 5.5.23-0jpp.3.0.2 - Patch for CVE-2007-3382 and CVE-2007-3385 Resolves: rhbz254155 5.5.23-0jpp.3.0.1 - Patch for CVE-2007-3386 Resolves: rhbz254155...
Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
The remote host is missing Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004. One or more of the following components are affected: Alias Manager, CoreTypes, c++filt, Dock, Launch Services, Net-SNMP, Ruby, SMB File Server, System Configuration, Tomcat, VPN, WebKit. OpenVAS Vulnerability Test Mac OS ...
RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)
Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. ...
CentOS 5 : tomcat (CESA-2007:0871)
Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat...
SLES10: Security update for Websphere Community Edition
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: websphere-asce More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText:...
SuSE9 Security Update : Tomcat (YOU Patch Number 12078)
Fixed various issues in tomcat: - mod_jk directory traversal. (CVE-2007-1860) - Handling of cookies containing a ' character. (CVE-2007-3382) - Handling of a double-quote character in cookies. (CVE-2007-3385) - tomcat path traversal / information leak. (CVE-2007-5641) - tomcat HTTP Request Smuggling...
Fedora Update for tomcat5 FEDORA-2007-3456
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for tomcat5 FEDORA-2007-3474
The remote host is missing an update for the...
Fedora Update for tomcat5 FEDORA-2008-1467
The remote host is missing an update for the...
Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)
Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz456120 Resolves: rhbz457934 Resolves: rhbz446393 Resolves: rhbz457597 - Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim...
Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. Mac OS X 10.5.4 contains security fixes for multiple components. (C) Tenable Network Security, Inc...
Apache Tomcat fails to properly handle cookie value
Overview: Apache Tomcat from the Apache Software Foundation contains a vulnerability that could allow a remote attacker to coerce a crafted cookie to a user's web browser. Apache Tomcat from the Apache Software Foundation is a web container that implements both Java Servlets and JavaServer Pages...
Moderate: Red Hat Security Advisory: Red Hat Network Satellite Server security update
Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal...
Moderate: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix multiple security issues are now available for Red Hat Developer Suite 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat...
openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)
Fixed various issues in tomcat: - CVE-2006-7196: Cross-site scripting (XSS) vulnerability in example JSP applications - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of ' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860:...