48 matches found
Apache Tomcat 7.0.0 < 7.0.99 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.99. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.99security-7 advisory. - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to...
Apache Tomcat 9.0.0.M1 < 9.0.29 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.29. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.29security-9 advisory. - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: request mixup CVE-2022-25762 - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 ...
Amazon Linux 2 : tomcat (ALAS-2023-2047)
The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2047 advisory. A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker...
K10107360: Apache Tomcat vulnerability CVE-2019-12418
Security Advisory Description When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a...
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
Summary Cloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to...
SUSE: Security Advisory (SUSE-SU-2020:0226-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1498-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4680-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4680-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat (core only) vulnerabilities.
Summary IBM Integration Bus is affected by an Apache Tomcat vulnerability which was reported and has been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2019-12418 DESCRIPTION: Apache Tomcat could allow a local attacker to gain elevated privileges on the syste...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release
Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release
Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3 (Important) (RHSA-2020:1520)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1520 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1438)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-12418
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...
Debian: Security Advisory (DLA-2155-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2155-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u16 CVE ID : CVE-2019-12418 Tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture...
GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-43 Apache Tomcat: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly smuggle HTTP...
RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0861 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...