Lucene search
K

50 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2019-0221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore...

6.1CVSS6.8AI score0.45571EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2024/07/24 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-6908-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7.4AI score0.56636EPSS
Exploits18References2
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.40 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-6908-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6908-1 advisory. It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly...

7CVSS7.6AI score0.56636EPSS
Exploits18References4
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.47 views

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Session fixation when using FORM authentication CVE-2019-17563 - tomcat: JsonErrorReportValve...

7.5CVSS7.8AI score0.87553EPSS
Exploits25References17
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.36 views

RHEL 7 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - When using the RemoteIpFilte...

7.5CVSS7.3AI score0.708EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.49 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: request mixup CVE-2022-25762 - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 ...

8.5AI score0.73139EPSS
Exploits28References15
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.44 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-014)

The version of tomcat installed on the remote host is prior to 8.5.40-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-014 advisory. The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided da...

6.1CVSS7AI score0.45571EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2023/08/14 12:0 a.m.46 views

Amazon Linux 2 : tomcat (ALAS-2023-2200)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2200 advisory. The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data...

6.1CVSS7AI score0.45571EPSS
Exploits3References4
F5 Networks
F5 Networks
added 2023/02/21 7:54 p.m.83 views

K13184144: Apache Tomcat vulnerability CVE-2019-0221

Security Advisory Description The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is...

6.1CVSS7AI score0.45571EPSS
Exploits3Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.36 views

Mageia: Security Advisory (MGASA-2019-0260)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.72988EPSS
Exploits3References7
0day.today
0day.today
added 2021/07/13 12:0 a.m.278 views

Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS) Vulnerability

Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting XSS Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 CVE : CVE-2019-0221 Requirements: SSI support must be enabled within Apache Tomcat. SSI support is not enabled by...

6.1CVSS7AI score0.45571EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/07/13 12:0 a.m.740 views

Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)

Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting XSS Date: 05/21/2019 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 CVE : CVE-2019-0221 Requirements: SSI support must be enabled within Apache Tomcat. SSI support is no...

6.1CVSS7AI score0.45571EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.63 views

Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

6.1CVSS0.4AI score0.45571EPSS
Exploits3Affected Software6
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.36 views

SUSE: Security Advisory (SUSE-SU-2020:1498-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.56636EPSS
Exploits18References8
Tenable Nessus
Tenable Nessus
added 2020/03/20 12:0 a.m.59 views

GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202003-43 Apache Tomcat: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly smuggle HTTP...

9.8CVSS7.2AI score0.9927EPSS
Exploits48References5
Tenable Nessus
Tenable Nessus
added 2020/03/18 12:0 a.m.57 views

RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0861 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

9.8CVSS7.2AI score0.9927EPSS
Exploits48References11
RedHat Linux
RedHat Linux
added 2020/03/17 1:13 p.m.100 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 8 security update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7AI score0.9927EPSS
Exploits48References6
RedHat Linux
RedHat Linux
added 2020/03/17 1:10 p.m.97 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 8 security update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7AI score0.9927EPSS
Exploits48References7
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.52 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1885)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.2AI score0.45571EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.45 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-2047)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.94494EPSS
Exploits6References2
Rows per page
Query Builder