19 matches found
SUSE: Security Advisory (SUSE-SU-2013:0226-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Oracle: Security Advisory (ELSA-2013-0623)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)
fix bnc#794548 - denial of service CVE-2012-4534 - apache-tomcat-CVE-2012-4534.patch fixes apache#53138, apache#52858 http://svn.apache.org/viewvc?view=rev&rev=1372035 - fix a minor issue in apache-tomcat-CVE-2012-4431.patch use the already initialized session variable instead of another call...
openSUSE Security Update : tomcat (openSUSE-SU-2013:0170-1)
fix bnc#794548 - denial of service CVE-2012-4534 - tomcat-CVE-2012-4534.patch fixes apache#53138, apache#52858 http://svn.apache.org/viewvc?view=rev&rev=1340218 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
VMware Security Updates for vCenter Server (VMSA-2013-0006)
The version of VMware vCenter installed on the remote host is 5.1 prior to update 1. It therefore is potentially affected by the following vulnerabilities : - When deployed in an environment that uses Active Directory with anonymous LDAP binding enabled, VMware vCenter doesn't properly handle log...
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130311)
It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal before the call to FormAuthenticator#authenticate (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by...
CentOS 6 : tomcat6 (CESA-2013:0623)
Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...
tomcat6 security update
0:6.0.24-52 - Related: rhbz 882010 rhbz 883692 rhbz 883705 - Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate - to avoid building on ppc64, ppc, and x390x. 0:6.0.24-50 - Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 - three DIGEST...
SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)
This update of tomcat6 fixes the following security issues : - denial of service. CVE-2012-4534 - tomcat: HTTP NIO connector OOM DoS via a request with large headers. CVE-2012-2733 - tomcat: cnonce tracking weakness. CVE-2012-5885 - tomcat: authentication caching weakness. CVE-2012-5886 - tomcat:...
Ubuntu Update for tomcat7 USN-1685-1
Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gb_ubuntu_USN_1685_1.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)
It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...
Ubuntu: Security Advisory (USN-1685-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-1685-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...
Apache Tomcat NIO Connector Denial of Service (CVE-2012-4534)
A denial of service vulnerability has been reported in Apache Tomcat. The vulnerability is due to an infinite loop in NIO Connector when a client breaks the connection in the middle of reading the response for a request to a big file. An unauthenticated, remote attacker can exploit this...
CVE-2012-4534
The CVE-2012-4534 issue affects Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28. When using the NIO connector with sendfile over HTTPS, the NioEndpoint can enter an infinite loop if the client terminates the connection while reading a response, causing a denial of service. The root cause is...
FreeBSD Ports: tomcat
The remote host is missing an update to the system as announced in the referenced advisory. Copyright (C) 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
Apache Tomcat 7.0.0 < 7.0.28 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.28. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.28_security-7 advisory. - java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6...
Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the parseHeaders function that allows for a crafted header to cause a remote...
Fixed in Apache Tomcat 7.0.28
Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...