16 matches found
SUSE: Security Advisory (SUSE-SU-2013:0226-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0268)
Updated tomcat7 packages that fix one security issue are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)
fix bnc794548 - denial of service CVE-2012-4534 - apache-tomcat-CVE-2012-4534.patch fixes apache53138, apache52858 http://svn.apache.org/viewvc?view=rev&rev=1372035 - fix a minor issue in apache-tomcat-CVE-2012-4431.patch use the already initialized session variable instead of an another call...
RHEL 5 / 6 : jbossweb (RHSA-2013:0647)
Updated jbossweb packages for JBoss Enterprise Application Platform 6.0.1 that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...
SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)
This update of tomcat6 fixes the following security issues : - denial of service. CVE-2012-4534 - tomcat: HTTP NIO connector OOM DoS via a request with large headers. CVE-2012-2733 - tomcat: cnonce tracking weakness. CVE-2012-5885 - tomcat: authentication caching weakness. CVE-2012-5886 - tomcat:...
Ubuntu Update for tomcat7 USN-1685-1
Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)
It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...
Ubuntu: Security Advisory (USN-1685-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1685-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...
CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery CSRF protection mechanism via a request that lacks a session identifier...
CVE-2012-4431
CVE-2012-4431 affects Apache Tomcat 6.x earlier than 6.0.36 and 7.x earlier than 7.0.32. The vulnerability resides in CsrfPreventionFilter, allowing remote attackers to bypass CSRF protection via a request that lacks a session identifier. The connected documents confirm the affected component pat...
CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery CSRF protection mechanism via a request that lacks a session identifier...
FreeBSD Ports: tomcat
The remote host is missing an update to the system as announced in the referenced advisory. Copyright C 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the parseHeaders function that allows for a crafted header to cause a remote...
Fixed in Apache Tomcat 6.0.36
Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
Fixed in Apache Tomcat 7.0.32
Important: Bypass of CSRF prevention filter CVE-2012-4431 The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. This was fixed in revision 1393088. This issue was identified by the Tomcat security team on 8...