24 matches found
Ubuntu: Security Advisory (USN-7282-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - When using the RemoteIpFilte...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: request mixup CVE-2022-25762 - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 ...
Important: tomcat7
Issue Overview: 2023-05-11: CVE-2017-12616 was added to this advisory. When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted...
Mageia: Security Advisory (MGASA-2017-0352)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:3059-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-12616
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
Debian: Security Advisory (DLA-1400-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1400-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.88-1 CVE ID : CVE-2017-7674 CVE-2017-12616 CVE-2018-1304 CVE-2018-1305 CVE-2018-8014 Debian Bug : 802312 898935 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2017-7674 The CORS Filter in Apache Tomcat...
Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)
Summary Jazz Reporting Service is shipped as a component of Rational Insight. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-12617 DESCRIPTION: Apache Tomcat could allow a remote...
Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)
Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-12617 DESCRIPTION...
Ubuntu: Security Advisory (USN-3665-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3665-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-12616,...
CVE-2017-12616
No description provided...
RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)
An information disclosure vulnerability exists in Apache Tomcat. By crafting a malicious request an attacker may view the source code of jsp files for resources...
Tomcat information disclosure Vulnerability(CVE-2017-12616 )analysis
Several recent Tomcat CVE CVE-2017-5664 Tomcat Security Constraint Bypass CVE-2017-12615 remote code execution vulnerability CVE-2017-12616 information disclosure vulnerability Common Is tasteless With JspServlet and DefaultServlet about the system. CVE-2017-12615 this remote code execution are...
CVE-2017-12616
CVE-2017-12616 affects Apache Tomcat 7.0.0–7.0.80 with VirtualDirContext, enabling bypass of security constraints and viewing JSP source via a crafted request. Affected products/versions are documented in multiple advisories; remediation is to upgrade to a newer Tomcat 7.x release (e.g., Debian/R...