16 matches found
Photon OS 1.0: Apache PHSA-2016-0011
An update of the apache package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2016-0011. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid203069...
Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products
Summary Vulnerabilities in the Apache Tomcat component affect the management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The CLI interface is unaffected. The CVEs are CVE-2016-6796 CVE-2016-6816 CVE-2016-6817. Vulnerability Details CVEID: CVE-2016-6796 DESCRIPTIO...
K49160100: Apache Tomcat vulnerability CVE-2016-6817
Security Advisory Description The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. CVE-2016-6817 Impact There is no impact; F5...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796 could allow a remote attacker to obtain sensitive information, cause an application to...
Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)
Summary Apache Tomcat is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote...
Security Bulletin: Open Source Apache Tomcat Vulnerabilities (CVE-2016-6817, CVE-2016-8735, CVE-2016-6816)
Summary Issues with Apache Tomcat Vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2016-6817 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796 could allow a remote attacker to obtain sensitive information, cause an application to enter an infinite loop,...
CVE-2016-6817
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible...
CVE-2016-6817
CVE-2016-6817 affects the HTTP/2 header parser in Apache Tomcat 9.0.0.M1–M11 and 8.5.0–8.5.6, which can enter an infinite loop when a header exceeds the available buffer, enabling a denial-of-service. The connected documents specify remediation by upgrading to fixed releases: Tomcat 9.0.0.M13 or ...
Apache Tomcat denial of service vulnerability (CVE-2016-6817)
The HTTP/2 header parser entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. This was fixed in revision 1765794. This issue was reported as 60232 on 10 October 2016 and the security implications identified by...
Fedora 24 : 1:tomcat (2016-a98c560116)
This update includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs : - \1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system websit...
Fedora Update for tomcat FEDORA-2016-98cca07999
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for tomcat FEDORA-2016-9c33466fbb
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 23 : 1:tomcat (2016-9c33466fbb)
This update includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs : - \1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system websit...
SOL49160100 - Apache Tomcat vulnerability CVE-2016-6817
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
Fixed in Apache Tomcat 8.5.8
Note: The issues below were fixed in Apache Tomcat 8.5.7 but the release vote for the 8.5.7 release candidate did not pass. Therefore, although users must download 8.5.8 to obtain a version that includes fixes for these issues, version 8.5.7 is not included in the list of affected versions...