11 matches found

Tenable Nessus
added 2010/01/10 12:0 a.m., 63 views

RHEL 4 : Satellite Server (RHSA-2008:0630)

Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. During an internal security...

CVSS 9.1, AI score 5.4, EPSS 0.77376
Exploits 9, References 23

Tenable Nessus
added 2009/09/24 12:0 a.m., 48 views

SuSE9 Security Update : Tomcat (YOU Patch Number 12078)

Fixed various issues in tomcat : - modjk directory traversal. CVE-2007-1860 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of a double-quote character in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - tomcat HTTP Request Smuggling...

CVSS 6.8, AI score 4.9, EPSS 0.40255
Exploits 9, References 12

RedHat Linux
added 2008/05/20 2:12 p.m., 65 views

Moderate: Red Hat Security Advisory: Red Hat Network Satellite Server security update

Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal...

CVSS 10, AI score 6.5, EPSS 0.90768
Exploits 29, References 3

Tenable Nessus
added 2008/02/29 12:0 a.m., 46 views

openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)

Fixed various issues in tomcat : - CVE-2006-7196: Cross-site scripting XSS vulnerability in example JSP applications - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of ' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860:...

CVSS 6.8, AI score 4.8, EPSS 0.72168
Exploits 9, References 7

Tenable Nessus
added 2008/02/27 12:0 a.m., 42 views

SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)

Cross-site scripting XSS vulnerability in example JSP applications. CVE-2006-7196 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of ' in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - directory traversal. CVE-2007-1860 - tomcat https...

CVSS 6.8, AI score 4.8, EPSS 0.72168
Exploits 9, References 14

OpenVAS
added 2008/01/31 12:0 a.m., 22 views

Debian: Security Advisory (DSA-1468-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 7.6, EPSS 0.19622
Exploits 0, References 3

CVE
added 2008/01/23 1:0 a.m., 113 views

CVE-2008-0128

Apache Tomcat 5.x before 5.5.21 is affected by CVE-2008-0128: when the SingleSignOn valve is used over HTTPS, the JSESSIONIDSSO cookie is not marked secure, allowing it to be sent over HTTP and potentially captured by an attacker via a crafted HTTP request. This information is supported by multip...

CVSS 5, AI score 9, EPSS 0.19622
Exploits 0, References 22, Affected Software 1

Cvelist
added 2008/01/23 1:0 a.m., 35 views

CVE-2008-0128

The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

AI score 7.7, EPSS 0.19622
Exploits 0, References 22

Apache Tomcat
added 2008/01/21 12:0 a.m., 47 views

Fixed in Apache Tomcat 5.5.21

Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...

CVSS 5, AI score 7.5, EPSS 0.19622
Exploits 2, Affected Software 1

Debian
added 2008/01/20 3:17 p.m., 31 views

[SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities

Debian Security Advisory DSA-1468-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008 http://www.debian.org/security/faq -...

CVSS 5, AI score 6.7, EPSS 0.19622
Exploits 0

Apache Tomcat
added 2007/02/08 12:0 a.m., 54 views

Fixed in Apache Tomcat 6.0.9

Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...

CVSS 5, AI score 7.7, EPSS 0.19622
Exploits 0, Affected Software 1