33 matches found
Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.100. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.100security-7 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to...
K66289873: Apache Tomcat vulnerability CVE-2019-17569
Security Advisory Description The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...
Mageia: Security Advisory (MGASA-2020-0138)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0631-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1498-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:0598-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569
Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities.
Summary IBM Integration Bus ships Apache Tomcat which is susceptible to vulnerabilities which were reported and have been addressed. Vulnerability Details CVEID: CVE-2020-1935 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual...
Debian DSA-4673-1 : tomcat8 - security update
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector disabled by default in Debian. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
[SECURITY] [DSA 4680-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4680-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4673-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4673-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4673-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2020 https://www.debian.org/security/faq -...
The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569
h3. Issue Summary The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2020-1935|https://vulners.com/cve/CVE-2020-1935 CVE-2019-17569|https://vulners.com/cve/CVE-2019-17569 CVE-2020-1938|https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2020-1938 Which affects the following...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release
Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release
Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3 (Important) (RHSA-2020:1520)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1520 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.53 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-1938, CVE-2020-1935 and CVE-2019-17569 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-1938 DESCRIPTION: Apach...
openSUSE Security Update : tomcat (openSUSE-2020-345)
This update for tomcat to version 9.0.31 fixes the following issues : Security issues fixed : - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling bsc1164825. - CVE-2020-1935: Fixed an HTTP Request Smuggling issue...
Amazon Linux AMI : tomcat7 (ALAS-2020-1352)
The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...
Updated tomcat packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...