12 matches found

IBM Security Bulletins
added 2024/10/18 7:56 a.m., 70 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8

Summary: Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...

CVSS: 10, AI score: 9.9, EPSS: 0.99999
Exploits: 138, Affected Software: 1
Tenable Nessus
added 2024/05/11 12:0 a.m., 49 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: request mixup CVE-2022-25762 - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 ...

AI score: 8.5, EPSS: 0.71653
Exploits: 28, References: 15
F5 Networks
added 2023/02/21 6:34 p.m., 78 views

K49622415: Apache Tomcat vulnerability CVE-2022-25762

Security Advisory Description: If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been...

CVSS: 8.6, AI score: 8.1, EPSS: 0.07538
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2022/08/05 12:0 a.m., 71 views

Amazon Linux AMI : tomcat8 (ALAS-2022-1627)

The version of tomcat8 installed on the remote host is prior to 8.5.81-1.91. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1627 advisory. A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocke...

CVSS: 8.6, AI score: 7.2, EPSS: 0.71653
Exploits: 5, References: 5
IBM Security Bulletins
added 2022/07/18 3:29 p.m., 39 views

Security Bulletin: IBM UrbanCode Build is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).

Summary: Apache Tomcat is used by IBM UrbanCode Build. This fix includes Apache Tomcat 8.5.79. Vulnerability Details: CVEID: CVE-2022-25762. DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sending ...

CVSS: 8.6, AI score: 8.2, EPSS: 0.07538
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2022/07/18 3:23 p.m., 32 views

Security Bulletin: IBM UrbanCode Release is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).

Summary: Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details: CVEID: CVE-2022-25762. DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sendin...

CVSS: 8.6, AI score: 8.2, EPSS: 0.07538
Exploits: 0, Affected Software: 1
Circl
added 2022/05/13 12:26 p.m., 3 views

CVE-2022-25762

creationtimestamp | type | source
---|---|---
2022-05-13 12:26:42+00:00 | seen | https://t.me/cibsecurity/42604...

CVSS: 8.6, AI score: 6.9, EPSS: 0.07538
Exploits: 0, References: 1
CVE
added 2022/05/13 7:50 a.m., 1228 views

CVE-2022-25762

CVE-2022-25762 is a concrete vulnerability in Apache Tomcat affecting WebSocket handling. When a WebSocket message is sent concurrently with closing the connection on Tomcat 8.5.0–8.5.75 or 9.0.0.M1–9.0.20, the application may continue to use a socket after it has been closed. The described error...

CVSS: 8.6, AI score: 8.3, EPSS: 0.07538
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2022/05/13 12:41 a.m., 281 views

CVE-2022-25762

A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be plac...

CVSS: 8.6, AI score: 0.9, EPSS: 0.07538
Exploits: 0, References: 4
Tenable Nessus
added 2022/05/13 12:0 a.m., 100 views

Apache Tomcat 9.0.0.M1 < 9.0.21

The version of Tomcat installed on the remote host is prior to 9.0.21. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.21_security-9 advisory. - If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running ...

CVSS: 8.6, AI score: 7.3, EPSS: 0.07538
Exploits: 0, References: 6
OpenVAS
added 2022/05/13 12:0 a.m., 20 views

Apache Tomcat Request Mix-up Vulnerability (May 2022) - Windows

Apache Tomcat is prone to a request mix-up vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

CVSS: 8.6, AI score: 8.5, EPSS: 0.07538
Exploits: 0, References: 3
Tenable Nessus
added 2021/02/01 12:0 a.m., 130 views

CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:4847)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4847 advisory. - jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 - bootstrap: XSS in the data-target attribute CVE-2016-10735 - bootstrap:...

CVSS: 9.8, AI score: 7.5, EPSS: 0.9927
Exploits: 65, References: 14