15 matches found
K9108: Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
Oracle Linux 5 : tomcat (ELSA-2008-0648)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0648 advisory. - add patch for CVE-2008-1232 Resolves: rhbz457727 - add patch for CVE-2008-1947 Resolves: rhbz449916 - add patch for CVE-2008-2370 Resolves: rhbz45863...
Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. CVE-2008-1232 An additional cross-site scripting vulnerability was discovered in the host manager application. A...
RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)
Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Tomcat component shipped a...
SLES10: Security update for Websphere Community Edition
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: websphere-asce More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText:...
ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S
CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management Issued: August 6, 2009 CA's technical support is alerting customers to a security risk with Unicenter Asset Portfolio Management, Unicenter Desktop and Serv...
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
a. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27Update for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposur...
Fedora Update for tomcat5 FEDORA-2008-8113
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Low: Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Tomcat component shipped a...
Fixed in Apache Tomcat 5.5.27
Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...
SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
A cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML through a crafted string that is used in the message argument to the HttpServletResponse.sendError method...
Important: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP...
tomcat security update
5.5.23-0jpp.7.el52.1 - add patch for CVE-2008-1232 Resolves: rhbz457727 - add patch for CVE-2008-1947 Resolves: rhbz449916 - add patch for CVE-2008-2370 Resolves: rhbz458634 - add patch for CVE-2008-2938 Resolves: rhbz456214...
CVE-2008-1232
CVE-2008-1232 is an XSS vulnerability in Apache Tomcat affecting versions 4.1.0–4.1.37, 5.5.0–5.5.26, and 6.0.0–6.0.16. The root cause is improper validation of user-supplied input used in the HttpServletResponse.sendError method, allowing remote attackers to inject arbitrary web script or HTML v...
Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞
BUGTRAQ ID: 30496 CVECAN ID: CVE-2008-1232 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat不仅在错误页面中显示了HttpServletResponse.sendError调用的消息参数,同时也在HTTP响应的reason-phrase中使用,这就可能在HTTP头中包含非法字符。特制的消息可能导致跨站脚本攻击,向HTTP响应中注入任意内容。 Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x...