44 matches found
RHEL 8 : 10.6_pki-servlet-container (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Apache Tomcat HTTP/2 DoS CVE-2019-0199 Note that Nessus has not tested for this issue but has instead relie...
Apache Tomcat 8.5.0 < 8.5.38
The version of Tomcat installed on the remote host is prior to 8.5.38. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.38security-8 advisory. - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessi...
RHEL 8 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - The HTTP/2 implementation in Apache...
K93000310: Apache Tomcat vulnerability CVE-2019-0199
Security Advisory Description The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)
The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...
Mageia: Security Advisory (MGASA-2019-0260)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.41 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2019-0199 and CVE-2019-10072 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2019-0199 DESCRIPTION: Apache...
SUSE: Security Advisory (SUSE-SU-2019:1825-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.12 security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1772)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4596-1 : tomcat8 - security update
Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects. C Tenable Network Security, Inc. The descriptive text and package...
[SECURITY] [DSA 4596-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4596-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.2 security (Important) (RHSA-2019:3929)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3929 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release
Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
openSUSE Security Update : tomcat (openSUSE-2019-1808)
This update for tomcat to version 9.0.21 fixes the following issues : Security issues fixed : - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames bsc1131055. - CVE-2019-0221: Fixed a cross site scripting vulnerabilit...
Amazon Linux AMI : tomcat8 (ALAS-2019-1234)
The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able...
Security update for tomcat (moderate)
openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2019:1808-1 Rating: moderate References: 1111966 1131055 1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata is no...
openSUSE Security Update : tomcat (openSUSE-2019-1723)
This update for tomcat to version 9.0.21 fixes the following issues : Security issue fixed : - CVE-2019-0199: Added additional fixes to address HTTP/2 connection window exhaustion bsc1139924. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Networ...