52 matches found
K04623854: Apache Tomcat vulnerability CVE-2018-1304
Security Advisory Description The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the...
Mageia: Security Advisory (MGASA-2018-0149)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1847-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology
Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...
SUSE: Security Advisory (SUSE-SU-2018:3388-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0817-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: tomcat
Issue Overview: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. CVE-2018-8034 The URL pattern of "" the empty string which...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2675)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2019-2361)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....
EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1992)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....
tomcat security update
CentOS Errata and Security Advisory CESA-2019:2205 An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CentOS 7 : tomcat (CESA-2019:2205)
An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Scientific Linux Security Update : tomcat on SL7.x x86_64 (20190806)
Security Fixes : - tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources CVE-2018-1304 - tomcat: Late application of security constraints can lead to resource exposure for unauthorised users CVE-2018-1305 - tomcat: Insecure defaults in...
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)
Summary Public disclosed vulnerability from Apache Tomcat Vulnerability Details CVEID: CVE-2018-1305 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets...
Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-1304, CVE-2018-1305)
Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2018-1305 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security...
SUSE-SU-2018:3261-1 Security update for tomcat
This update for tomcat fixes the following issues: Version update to 7.0.90: - Another bugfix release, for full details see: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a director...
Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
[SECURITY] [DSA 4281-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4281-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 29, 2018 https://www.debian.org/security/faq -...
Debian DLA-1450-1 : tomcat8 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1304 The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat when used as part of a security constraint definition. This caused the...
Debian: Security Advisory (DLA-1400-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...