12 matches found
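Apache Tomcat Duplicate Request Processing Security Vulnerability (CVE-2007-6286)
BUGTRAQ ID: 49470 CVE ID: CVE-2007-6286 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat 5.5.11-5.5.25 and 6.0.0-6.0.15, when using the native APR connector, do not correctly handle an empty request to the SSL port, which can allow a remote attacker to trigger processing of a copy of the most recent server request. 0 Apache Group Tomcat 6.x Apache Group Tomcat 5.x Vendor patch: Apache Group ------------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...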
SLES10: Security update for Websphere Community Edition
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: websphere-asce More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText:...
VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
ESX patches and updates for VirtualCenter fix the following application vulnerabilities. a. Tomcat Server Security Update The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases...
Fedora Update for tomcat5 FEDORA-2008-1467
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Gentoo Security Advisory GLSA 200804-10 (tomcat)
The remote host is missing updates announced in advisory GLSA 200804-10. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200804-10 (tomcat)
The remote host is missing updates announced in advisory GLSA 200804-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)
Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz456120 Resolves: rhbz457934 Resolves: rhbz446393 Resolves: rhbz457597 - Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim...
Fedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)
Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim...
Fedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467)
ChangeLog : - Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333...
CVE-2007-6286
Apache Tomcat 5.5.11–5.5.25 and 6.0.0–6.0.15, when using the native APR connector, fail to properly handle an empty SSL-port request, allowing remote attackers to trigger a duplicate of a recent request (e.g., via netcat). See CVE-2007-6286. NT: Affected versions are confirmed in Nessus/OpenVAS e...
Fixed in Apache Tomcat 6.0.16
Low: Session hi-jacking CVE-2007-5333 The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 6.0.0-6.0.14 Low: Elevated privileges CVE-2007-5342 The JULI logging component allows web applications to provide their own logging...
Fixed in Apache Tomcat 5.5.26
Low: Session hi-jacking CVE-2007-5333 The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 5.5.0-5.5.25 Low: Elevated privileges CVE-2007-5342 The JULI logging component allows web applications to provide their own logging...