Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities - Linux

Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2012:0155-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2011-1780)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 5 / 6 : jbossweb (RHSA-2012:0074)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0074 advisory. - tomcat: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064 - tomcat: securit...

Gentoo Security Advisory GLSA 201206-24 (apache tomcat)

The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)

Check for the Version of tomcat6 OpenVAS Vulnerability Test $Id: gbsuse201202081.nasl 8265 2018-01-01 06:29:23Z teissa $ SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 tomcat6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This progr...

Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update

Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System...

Debian Security Advisory DSA 2401-1 (tomcat6)

The remote host is missing an update to tomcat6 announced via advisory DSA 2401-1. OpenVAS Vulnerability Test $Id: deb24011.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2401-1 tomcat6 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)

This update fixes a regression in parameter passing in urldecoding of parameters that contain spaces. In addition, multiple weaknesses in HTTP DIGESTS are fixed CVE-2011-1184. CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0....

Important: Red Hat Security Advisory: jbossweb security update

Updated jbossweb packages that fix multiple security issues are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS ba...

CVE-2011-5063

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

CVE-2011-5063

CVE-2011-5063 describes an issue in Apache Tomcat’s HTTP Digest Access Authentication where the realm values are not checked, enabling bypass of access controls by exploiting a protection space with weaker requirements (distinct from CVE-2011-1184). Related documents (CVE-2011-1184, CVE-2012-5885...

Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities

Binary data 5882.pasl...

Fixed in Apache Tomcat 7.0.12

Important: Information disclosure CVE-2011-1475 Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of respons...