13 matches found
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2017-5645 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)
This update fixes a cross-site scripting vulnerability that affects the session list screen. This can be used to steal session cookies because tomcat 6 does not use the httpOnly flag for its cookies. CVE-2010-4172 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web...
Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Moderate: Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 update
JBoss Enterprise Web Server 1.0.2 is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...
tomcat6 security and bug fix update
6.0.24-33 - resolves: rhbz 695284 - multiple instances logging fiasco 6.0.24-32 - Resolves: rhbz 698624 - inet4address can't be cast to String 6.0.24-31 - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error 6.0.24-30 - Resolves: rhbz697504 initscript logging location 6.0.24-29 - Resolves:...
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-2)
This update fixes a cross-site scripting vulnerability that affects the session list screen. This can be used to steal session cookies because tomcat 6 does not use the httpOnly flag for its cookies. CVE-2010-4172 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)
This update fixes a cross-site scripting vulnerability that affects the session list screen. This can be used to steal session cookies because tomcat 6 does not use the httpOnly flag for its cookies. CVE-2010-4172 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...
Apache Tomcat 7.0.0 < 7.0.5
The version of Tomcat installed on the remote host is prior to 7.0.5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.5security-7 advisory. - Multiple cross-site scripting XSS vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0....
Fixed in Apache Tomcat 7.0.5
Low: Cross-site scripting CVE-2010-4172 The Manager application used the user provided parameters sort and orderBy directly without filtering thereby permitting cross-site scripting. The CSRF protection, which is enabled by default, prevents an attacker from exploiting this. This was fixed in...
CVE-2010-4172
Multiple cross-site scripting XSS vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 orderBy or 2 sort parameter to sessionsList.jsp, or unspecified input to 3...
CVE-2010-4172
CVE-2010-4172 affects Apache Tomcat 6.0.12–6.0.29 and 7.0.0–7.0.4, with multiple XSS vulnerabilities in the Tomcat Manager app (sessionsList.jsp via orderBy/sort, and input to sessionDetail.jsp or JspHelper.java) exploitable by remote attackers, related to untrusted web applications. The connecte...