12 matches found

seebug.org
added 2012/09/27 12:0 a.m., 54 views

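Apache Tomcat Duplicate Request Processing Security Vulnerability (CVE-2007-6286)

BUGTRAQ ID: 49470 CVE ID: CVE-2007-6286 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat 5.5.11-5.5.25 and 6.0.0-6.0.15, when using the native APR connector, do not properly handle empty requests to the SSL port, which can allow a remote attacker to trigger processing of a copy of the most recent server request. 0 Apache Group Tomcat 6.x Apache Group Tomcat 5.x Vendor patch: Apache Group The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...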

CVSS 4.3, AI score 5.8, EPSS 0.05373
Exploits: 1
OpenVAS
added 2009/10/13 12:0 a.m., 43 views

SLES10: Security update for Websphere Community Edition

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: websphere-asce More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText:...

CVSS 7.5, AI score 5.5, EPSS 0.99708
Exploits: 39, References: 1
Tenable Nessus
added 2009/07/27 12:0 a.m., 48 views

VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter

ESX patches and updates for VirtualCenter fix the following application vulnerabilities. a. Tomcat Server Security Update The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases...

CVSS 10, AI score 5.6, EPSS 0.62575
Exploits: 7, References: 27
OpenVAS
added 2009/02/16 12:0 a.m., 28 views

Fedora Update for tomcat5 FEDORA-2008-1467

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.4, AI score 5, EPSS 0.77376
Exploits: 15, References: 2
OpenVAS
added 2008/09/24 12:0 a.m., 36 views

Gentoo Security Advisory GLSA 200804-10 (tomcat)

The remote host is missing updates announced in advisory GLSA 200804-10. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 6.4, AI score 5.3, EPSS 0.62575
Exploits: 5
OpenVAS
added 2008/09/24 12:0 a.m., 26 views

Gentoo Security Advisory GLSA 200804-10 (tomcat)

The remote host is missing updates announced in advisory GLSA 200804-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.4, AI score 4.9, EPSS 0.62575
Exploits: 5, References: 3
Tenable Nessus
added 2008/09/17 12:0 a.m., 48 views

Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)

Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz456120 Resolves: rhbz457934 Resolves: rhbz446393 Resolves: rhbz457597 - Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim...

CVSS 6.4, AI score 5.6, EPSS 0.99708
Exploits: 42, References: 9
Tenable Nessus
added 2008/02/14 12:0 a.m., 46 views

Fedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)

Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim...

CVSS 6.4, AI score 5.5, EPSS 0.77376
Exploits: 15, References: 9
Tenable Nessus
added 2008/02/14 12:0 a.m., 46 views

Fedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467)

ChangeLog : - Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333...

CVSS 6.4, AI score 5.5, EPSS 0.77376
Exploits: 15, References: 9
CVE
added 2008/02/12 12:0 a.m., 83 views

CVE-2007-6286

Apache Tomcat 5.5.11–5.5.25 and 6.0.0–6.0.15, when using the native APR connector, fail to properly handle an empty SSL-port request, allowing remote attackers to trigger a duplicate of a recent request (e.g., via netcat). See CVE-2007-6286. NT: Affected versions are confirmed in Nessus/OpenVAS e...

CVSS 4.3, AI score 5.7, EPSS 0.05373
Exploits: 1, References: 30, Affected Software: 1
Apache Tomcat
added 2008/02/08 12:0 a.m., 62 views

Fixed in Apache Tomcat 6.0.16

Low: Session hi-jacking CVE-2007-5333 The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 6.0.0-6.0.14 Low: Elevated privileges CVE-2007-5342 The JULI logging component allows web applications to provide their own logging...

CVSS 6.4, AI score 4.8, EPSS 0.62575
Exploits: 9, Affected Software: 1
Apache Tomcat
added 2008/02/05 12:0 a.m., 76 views

Fixed in Apache Tomcat 5.5.26

Low: Session hi-jacking CVE-2007-5333 The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 5.5.0-5.5.25 Low: Elevated privileges CVE-2007-5342 The JULI logging component allows web applications to provide their own logging...

CVSS 6.4, AI score 4.8, EPSS 0.62575
Exploits: 9, Affected Software: 1