8 matches found
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 6839)
This update of tomcat5/6 fixes : - Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that...
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02181353 Version: 1 HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting XSS, Denial of Service DoS NOTICE: The information in this Security...
Fixed in Apache Tomcat 5.5.29
Low: Arbitrary file deletion and/or alteration on deploy CVE-2009-2693 When deploying WAR files, the WAR files were not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root by including entries such as ../../bin/catalina.sh in the...
SuSE Security Update: Security update for Tomcat 5 (tomcat5-6841)
This update of tomcat5/6 fixes: CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902: CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. CVE-2009-2901: CVSS v2 Base Score: 4.3 When...
openSUSE Security Update : tomcat6 (tomcat6-2000)
This update of tomcat5/6 fixes : - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902: CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. - CVE-2009-2901: CVSS v2 Base Score: 4.3 When...
CVE-2009-2901
The CVE-2009-2901 entry describes an authentication bypass in Apache Tomcat when the autodeployment (autoDeploy) feature is enabled. Affected versions are Tomcat 5.5.0–5.5.28 and 6.0.0–6.0.20, where appBase files left from a failed undeploy can be deployed and used to bypass intended authenticati...
Apache Tomcat < 5.5.29 / 6.0.24
Binary data 800619.prm...