Lucene search
K

44 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 8 : 10.6_pki-servlet-container (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Apache Tomcat HTTP/2 DoS CVE-2019-0199 Note that Nessus has not tested for this issue but has instead relie...

7.5CVSS6.8AI score0.72855EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.25 views

Apache Tomcat 8.5.0 < 8.5.38

The version of Tomcat installed on the remote host is prior to 8.5.38. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.38security-8 advisory. - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessi...

7.5CVSS6.6AI score0.72855EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.25 views

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - The HTTP/2 implementation in Apache...

8.1AI score0.73139EPSS
Exploits5References2
F5 Networks
F5 Networks
added 2023/02/21 6:49 p.m.44 views

K93000310: Apache Tomcat vulnerability CVE-2019-0199

Security Advisory Description The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for...

7.5CVSS6.5AI score0.72855EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/09/01 12:0 a.m.53 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)

The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...

9.8CVSS8.4AI score0.9927EPSS
Exploits64References21
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.36 views

Mageia: Security Advisory (MGASA-2019-0260)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.72988EPSS
Exploits3References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/02 9:53 a.m.49 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony

Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.41 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2019-0199 and CVE-2019-10072 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2019-0199 DESCRIPTION: Apache...

7.5CVSS0.1AI score0.72988EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2019:1825-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.72855EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/06/04 1:6 p.m.100 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.12 security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.8CVSS6.6AI score0.72855EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.39 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1772)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.94494EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2019/12/30 12:0 a.m.68 views

Debian DSA-4596-1 : tomcat8 - security update

Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects. C Tenable Network Security, Inc. The descriptive text and package...

9.8CVSS6.5AI score0.94494EPSS
Exploits6References9
Debian
Debian
added 2019/12/27 10:15 p.m.205 views

[SECURITY] [DSA 4596-1] tomcat8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4596-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...

9.8CVSS7.8AI score0.94494EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2019/11/22 12:0 a.m.81 views

RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.2 security (Important) (RHSA-2019:3929)

The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3929 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

9.3CVSS7.1AI score0.99652EPSS
Exploits16References14
RedHat Linux
RedHat Linux
added 2019/11/20 4:8 p.m.4 views

tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

7.5CVSS7.2AI score0.72988EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/11/20 4:8 p.m.144 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release

Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

9.3CVSS7AI score0.99652EPSS
Exploits16References7
RedHat Linux
RedHat Linux
added 2019/11/20 4:4 p.m.106 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release

Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.9AI score0.72988EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.42 views

openSUSE Security Update : tomcat (openSUSE-2019-1808)

This update for tomcat to version 9.0.21 fixes the following issues : Security issues fixed : - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames bsc1131055. - CVE-2019-0221: Fixed a cross site scripting vulnerabilit...

7.5CVSS6.1AI score0.72855EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.36 views

Amazon Linux AMI : tomcat8 (ALAS-2019-1234)

The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able...

7.5CVSS6.5AI score0.72855EPSS
Exploits3References3
OPENSUSE Linux
OPENSUSE Linux
added 2019/07/25 12:0 a.m.141 views

Security update for tomcat (moderate)

openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2019:1808-1 Rating: moderate References: 1111966 1131055 1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata is no...

7.5CVSS7.4AI score0.72855EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2019/07/22 12:0 a.m.41 views

openSUSE Security Update : tomcat (openSUSE-2019-1723)

This update for tomcat to version 9.0.21 fixes the following issues : Security issue fixed : - CVE-2019-0199: Added additional fixes to address HTTP/2 connection window exhaustion bsc1139924. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Networ...

7.5CVSS6.6AI score0.72855EPSS
Exploits0References2
Rows per page
Query Builder