Lucene search
K

52 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.59 views

K04623854: Apache Tomcat vulnerability CVE-2018-1304

Security Advisory Description The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the...

5.9CVSS6.6AI score0.17716EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.32 views

Mageia: Security Advisory (MGASA-2018-0149)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.17716EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2018:1847-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.17716EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.40 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

7.5CVSS0.3AI score0.44244EPSS
Exploits2Affected Software7
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.46 views

SUSE: Security Advisory (SUSE-SU-2018:3388-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.94494EPSS
Exploits5References11
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.34 views

SUSE: Security Advisory (SUSE-SU-2018:0817-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.17716EPSS
Exploits2References6
Amazon
Amazon
added 2020/03/09 12:0 a.m.75 views

Important: tomcat

Issue Overview: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. CVE-2018-8034 The URL pattern of "" the empty string which...

9.8CVSS8.7AI score0.9927EPSS
Exploits47
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.57 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2675)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.213EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2019/12/10 12:0 a.m.50 views

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2019-2361)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....

7.5CVSS7.2AI score0.45571EPSS
Exploits5References5
Tenable Nessus
Tenable Nessus
added 2019/09/24 12:0 a.m.68 views

EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1992)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....

7.5CVSS7.6AI score0.213EPSS
Exploits2References4
Cent OS
Cent OS
added 2019/08/30 4:27 a.m.181 views

tomcat security update

CentOS Errata and Security Advisory CESA-2019:2205 An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7AI score0.21979EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2019/08/30 12:0 a.m.86 views

CentOS 7 : tomcat (CESA-2019:2205)

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS7.6AI score0.21979EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2019/08/27 12:0 a.m.58 views

Scientific Linux Security Update : tomcat on SL7.x x86_64 (20190806)

Security Fixes : - tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources CVE-2018-1304 - tomcat: Late application of security constraints can lead to resource exposure for unauthorised users CVE-2018-1305 - tomcat: Insecure defaults in...

9.8CVSS7.6AI score0.21979EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/06 10:45 p.m.46 views

Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)

Summary Public disclosed vulnerability from Apache Tomcat Vulnerability Details CVEID: CVE-2018-1305 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets...

6.5CVSS0.5AI score0.17716EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/25 8:45 p.m.39 views

Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-1304, CVE-2018-1305)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2018-1305 Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security...

6.5CVSS0.8AI score0.17716EPSS
Exploits2Affected Software1
OSV
OSV
added 2018/10/19 2:5 p.m.26 views

SUSE-SU-2018:3261-1 Security update for tomcat

This update for tomcat fixes the following issues: Version update to 7.0.90: - Another bugfix release, for full details see: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a director...

9.8CVSS7.4AI score0.94494EPSS
Exploits5References15
RedHat Linux
RedHat Linux
added 2018/10/17 7:28 p.m.205 views

Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update

An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7.7AI score0.99988EPSS
Exploits54References10
Debian
Debian
added 2018/08/29 6:29 a.m.65 views

[SECURITY] [DSA 4281-1] tomcat8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4281-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 29, 2018 https://www.debian.org/security/faq -...

7.5CVSS8.1AI score0.213EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/07/30 12:0 a.m.57 views

Debian DLA-1450-1 : tomcat8 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1304 The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat when used as part of a security constraint definition. This caused the...

6.5CVSS7.1AI score0.17716EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2018/07/09 12:0 a.m.52 views

Debian: Security Advisory (DLA-1400-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.708EPSS
Exploits6References3
Rows per page
Query Builder