5 matches found
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
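Apache Tomcat Information Disclosure Vulnerability (CVE-2011-2481)
BUGTRAQ ID: 49147 CVE ID: CVE-2011-2481 Tomcat is a Servlet container developed by the Jakarta project under the Apache Software Foundation. It implements support for Servlets and JavaServer Pages (JSP) according to the technical specifications provided by Sun Microsystems, and also provides some features specific to acting as a web server. Tomcat has a local information disclosure vulnerability in its implementation, which local attackers can exploit to disclose sensitive information. This vulnerability stems from an error in the Jsvc library, which does not drop the application's access to files and directories owned by the superuser. Apache Group Tomcat Vendor patch: Apache Group ----------...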
CVE-2011-2481
CVE-2011-2481 affects Apache Tomcat 7.0.x prior to 7.0.17. A crafted application loaded earlier than the target can replace the XML parser used by other web applications, allowing local users to read or modify (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications. This vuln...
CVE-2011-2481
Removed by vendor...
Fixed in Apache Tomcat 7.0.19
Low: Information disclosure CVE-2011-2526 Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request...