16 matches found

OpenVAS
added 2021/06/09 12:0 a.m., 29 views

SUSE: Security Advisory (SUSE-SU-2013:0226-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 8, EPSS 0.12098
Exploits 7, References 2

Tenable Nessus
added 2014/06/26 12:0 a.m., 34 views

RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0268)

Updated tomcat7 packages that fix one security issue are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 4.3, AI score 8.1, EPSS 0.09146
Exploits 1, References 4

Tenable Nessus
added 2014/06/13 12:0 a.m., 38 views

openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)

fix bnc794548 - denial of service CVE-2012-4534 - apache-tomcat-CVE-2012-4534.patch fixes apache53138, apache52858 http://svn.apache.org/viewvc?view=rev&rev=1372035 - fix a minor issue in apache-tomcat-CVE-2012-4431.patch use the already initialized session variable instead of an another call...

CVSS 4.3, AI score 8.2, EPSS 0.09146
Exploits 2, References 5

Tenable Nessus
added 2013/03/15 12:0 a.m., 36 views

RHEL 5 / 6 : jbossweb (RHSA-2013:0647)

Updated jbossweb packages for JBoss Enterprise Application Platform 6.0.1 that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS)...

CVSS 5, AI score 6.2, EPSS 0.12098
Exploits 3, References 9

Tenable Nessus
added 2013/02/04 12:0 a.m., 41 views

SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)

This update of tomcat6 fixes the following security issues : - denial of service. CVE-2012-4534 - tomcat: HTTP NIO connector OOM DoS via a request with large headers. CVE-2012-2733 - tomcat: cnonce tracking weakness. CVE-2012-5885 - tomcat: authentication caching weakness. CVE-2012-5886 - tomcat:...

CVSS 5, AI score 6.1, EPSS 0.12098
Exploits 7, References 24

OpenVAS
added 2013/01/15 12:0 a.m., 44 views

Ubuntu Update for tomcat7 USN-1685-1

Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

CVSS 4.3, AI score 6.7, EPSS 0.11975
Exploits 3, References 2

Tenable Nessus
added 2013/01/15 12:0 a.m., 38 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...

CVSS 4.3, AI score 6.9, EPSS 0.11975
Exploits 3, References 4

OpenVAS
added 2013/01/15 12:0 a.m., 38 views

Ubuntu: Security Advisory (USN-1685-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3, AI score 6.7, EPSS 0.11975
Exploits 3, References 2

Ubuntu
added 2013/01/14 1:50 p.m., 92 views

USN-1685-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...

CVSS 4.3, AI score 6.8, EPSS 0.11975
Exploits 3

NVD
added 2012/12/19 11:55 a.m., 27 views

CVE-2012-4431

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...

CVSS 4.3, AI score 9.4, EPSS 0.09146
Exploits 1, References 25

CVE
added 2012/12/19 11:0 a.m., 147 views

CVE-2012-4431

CVE-2012-4431 affects Apache Tomcat 6.x earlier than 6.0.36 and 7.x earlier than 7.0.32. The vulnerability resides in CsrfPreventionFilter, allowing remote attackers to bypass CSRF protection via a request that lacks a session identifier. The connected documents confirm the affected component pat...

CVSS 4.3, AI score 9.2, EPSS 0.09146
Exploits 1, References 25, Affected Software 1

UbuntuCve
added 2012/12/19 12:0 a.m., 27 views

CVE-2012-4431

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...

CVSS 4.3, AI score 7.4, EPSS 0.09146
Exploits 1, References 5

OpenVAS
added 2012/11/26 12:0 a.m., 42 views

FreeBSD Ports: tomcat

The remote host is missing an update to the system as announced in the referenced advisory. Copyright (C) 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...

CVSS 5, AI score 6.6, EPSS 0.11975
Exploits 5, References 5

Tenable Nessus
added 2012/11/21 12:0 a.m., 81 views

Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the parseHeaders function that allows for a crafted header to cause a remote...

CVSS 5, AI score 6.1, EPSS 0.12098
Exploits 5, References 11

Apache Tomcat
added 2012/10/19 12:0 a.m., 55 views

Fixed in Apache Tomcat 6.0.36

Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

CVSS 5, AI score 6.9, EPSS 0.11975
Exploits 4, Affected Software 1

Apache Tomcat
added 2012/10/09 12:0 a.m., 46 views

Fixed in Apache Tomcat 7.0.32

Important: Bypass of CSRF prevention filter CVE-2012-4431 The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. This was fixed in revision 1393088. This issue was identified by the Tomcat security team on 8...

CVSS 4.3, AI score 9.4, EPSS 0.09146
Exploits 1, Affected Software 1