44 matches found
CLEANSTART-2026-MR27796 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708, CVE-2025-31650, CVE-2025-31651 applied in versions: 10.1.53-r0, 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0
Multiple security vulnerabilities affect the tomcat10 package. These issues are resolved in later releases. See references for individual vulnerability details...
USN-6943-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. ...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: request mixup CVE-2022-25762 - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 ...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-004)
The version of tomcat installed on the remote host is prior to 8.5.75-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-004 advisory. The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-003)
The version of tomcat installed on the remote host is prior to 9.0.58-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2023-003 advisory. The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8...
Important: tomcat
Issue Overview: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomc...
Updated tomcat packages fix security vulnerability
Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...
K28409053: Apache Tomcat vulnerability CVE-2022-23181
Security Advisory Description The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user...
Moderate: Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.2.SP1 security update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining (CVE-2022-23181)
Summary There is a vulnerability in Apache Tomcat that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23181...
Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-23181)
Summary Vulnerabilities in Apache Tomcat affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2022-23181. Please see below for details on how to remdiate this issue. Vulnerability Details CVEID:CVE-2022-23181 DESCRIPTION: Apache Tomcat could allow a local authenticated...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.0 release and security update
Red Hat JBoss Web Server 5.7.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.0 (RHSA-2022:7272)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7272 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
Debian DSA-5265-1 : tomcat9 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5265 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the...
[SECURITY] [DSA 5265-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5265-1 [email protected] https://www.debian.org/security/ Markus Koschany October 29, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DLA 3160-1] tomcat9 security update
Debian LTS Advisory DLA-3160-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 26, 2022 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u7 CVE ID : CVE-2021-43980 CVE-2022-23181 CVE-2022-29885 Several security vulnerabilities have been...
Amazon Linux 2022 : tomcat, tomcat-admin-webapps, tomcat-el-3.0-api (ALAS2022-2022-044)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-044 advisory. The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a...
Security Bulletin: IBM UrbanCode Release is vulnerable to elevated privileges due to use of Apache Tomcat CVE-2022-23181
Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID:CVE-2022-23181 DESCRIPTION: Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tomcat. Vulnerability Details CVEID: CVE-2022-23181 DESCRIPTION: Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of u...