Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 2:56 p.m.155 views

Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2017-5645 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS10.9AI score0.8904EPSS
Exploits50Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.34 views

openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)

This update fixes a cross-site scripting vulnerability that affects the session list screen. This can be used to steal session cookies because tomcat 6 does not use the httpOnly flag for its cookies. CVE-2010-4172 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

4.3CVSS5.2AI score0.42009EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2012/08/10 12:0 a.m.266 views

Gentoo Security Advisory GLSA 201206-24 (apache tomcat)

The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5CVSS0.1AI score0.9444EPSS
Exploits33
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.47 views

Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web...

4.3CVSS5.7AI score0.42009EPSS
Exploits4References11
OpenVAS
OpenVAS
added 2011/10/20 12:0 a.m.54 views

Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)

This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

9.3CVSS6.8AI score0.98945EPSS
Exploits79References71
RedHat Linux
RedHat Linux
added 2011/06/22 11:31 p.m.92 views

Moderate: Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 update

JBoss Enterprise Web Server 1.0.2 is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

5CVSS6.3AI score0.52507EPSS
Exploits17References12
Oracle linux
Oracle linux
added 2011/05/28 12:0 a.m.58 views

tomcat6 security and bug fix update

6.0.24-33 - resolves: rhbz 695284 - multiple instances logging fiasco 6.0.24-32 - Resolves: rhbz 698624 - inet4address can't be cast to String 6.0.24-31 - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error 6.0.24-30 - Resolves: rhbz697504 initscript logging location 6.0.24-29 - Resolves:...

5CVSS0.4AI score0.42009EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.30 views

openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-2)

This update fixes a cross-site scripting vulnerability that affects the session list screen. This can be used to steal session cookies because tomcat 6 does not use the httpOnly flag for its cookies. CVE-2010-4172 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

4.3CVSS5.2AI score0.42009EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.39 views

openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)

This update fixes a cross-site scripting vulnerability that affects the session list screen. This can be used to steal session cookies because tomcat 6 does not use the httpOnly flag for its cookies. CVE-2010-4172 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

4.3CVSS5.2AI score0.42009EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2011/01/14 12:0 a.m.48 views

Apache Tomcat 7.0.0 < 7.0.5

The version of Tomcat installed on the remote host is prior to 7.0.5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.5security-7 advisory. - Multiple cross-site scripting XSS vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0....

4.3CVSS5.6AI score0.42009EPSS
Exploits1References3
Apache Tomcat
Apache Tomcat
added 2010/12/01 12:0 a.m.51 views

Fixed in Apache Tomcat 7.0.5

Low: Cross-site scripting CVE-2010-4172 The Manager application used the user provided parameters sort and orderBy directly without filtering thereby permitting cross-site scripting. The CSRF protection, which is enabled by default, prevents an attacker from exploiting this. This was fixed in...

4.3CVSS5AI score0.42009EPSS
Exploits1Affected Software1
NVD
NVD
added 2010/11/26 8:0 p.m.18 views

CVE-2010-4172

Multiple cross-site scripting XSS vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 orderBy or 2 sort parameter to sessionsList.jsp, or unspecified input to 3...

4.3CVSS4.5AI score0.42009EPSS
Exploits1References24
CVE
CVE
added 2010/11/26 7:0 p.m.121 views

CVE-2010-4172

CVE-2010-4172 affects Apache Tomcat 6.0.12–6.0.29 and 7.0.0–7.0.4, with multiple XSS vulnerabilities in the Tomcat Manager app (sessionsList.jsp via orderBy/sort, and input to sessionDetail.jsp or JspHelper.java) exploitable by remote attackers, related to untrusted web applications. The connecte...

4.3CVSS5.9AI score0.42009EPSS
Exploits1References24Affected Software1
Rows per page
Query Builder