Linux Distros Unpatched Vulnerability : CVE-2016-0762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not proce...

K36784855: Apache Tomcat vulnerability CVE-2016-0762

Security Advisory Description The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to...

Mageia: Security Advisory (MGASA-2016-0367)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)

Summary Apache Tomcat is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote...

Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

Security Bulletin: OpenSSL vulnerabilities affect IBM Rational Team Concert (CVE-2016-1240, CVE-2016-6797, etc)

Summary OpenSSL vulnerabilities were disclosed recently by the OpenSSL Project. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1240 DESCRIPTION: Apache Tomcat could...

SUSE: Security Advisory (SUSE-SU-2017:1660-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4557-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4557-1: Tomcat vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. CVE-2016-0762 Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain...

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight

Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive...

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence

Summary The Rational Reporting for Development Intelligence RRDI is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remot...

Security Bulletin:Vulnerabilities in Apache Tomcat and OpenSSL affect Rational BuildForge

Summary OpenSSL and Apache Tomcat vulnerabilities were disclosed recently, OpenSSL and Apache Tomcat are used by Rational BuildForge. Rational BuildForge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1240 DESCRIPTION: Apache Tomcat could allow a local attacker to gain...

Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's

Summary Apache Tomcat prior to version 6.0.48 is susceptible to several vulnerabilities. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specifie...

Security Bulletin: There are multiple vulnerabilities in IBM Java Runtime and Apache Tomcat that affect IBM Cognos Business Viewpoint

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by IBM Cognos Business Viewpoint. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulernabilities in Apache Tomcat also affect IBM Cognos Business Viewpoint. Vulnerability...

CentOS 7 : tomcat (CESA-2017:2247)

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170802)

The following packages have been upgraded to a later upstream version: tomcat 7.0.76. Security Fixes : - The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default...

CVE-2016-0762

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...

SUSE-SU-2017:1660-1 Security update for tomcat

Tomcat was updated to version 7.0.78, fixing various bugs and security issues. For full details see https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2016-0762: A realm timing attack in tomcat was fixed which could disclose existence of users bsc1007854 -...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update

An update is now available for Red Hat JBoss Web Server 3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update

An update is now available for Red Hat JBoss Web Server 3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...