12 matches found
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8
Summary: Third party reported 'Stored XSS' and 'CSRF' issues, Apache Tomcat, Apache ActiveMQ, CKEditor, libcURL, xmlbeans, scala-library, json-smart, jna-platform, jackson-databind, commons-io, shiro-core, commons-net, snappy-java, xercesImpl are identified as vulnerable components with multiple...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: request mixup CVE-2022-25762 - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 ...
K49622415: Apache Tomcat vulnerability CVE-2022-25762
Security Advisory Description: If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been...
Amazon Linux AMI : tomcat8 (ALAS-2022-1627)
The version of tomcat8 installed on the remote host is prior to 8.5.81-1.91. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1627 advisory. A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocke...
Security Bulletin: IBM UrbanCode Build is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).
Summary: Apache Tomcat is used by IBM UrbanCode Build. This fix includes Apache Tomcat 8.5.79. Vulnerability Details: CVEID: CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sending ...
Security Bulletin: IBM UrbanCode Release is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).
Summary: Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details: CVEID: CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sendin...
CVE-2022-25762
creationtimestamp | type | source
---|---|---
2022-05-13 12:26:42+00:00 | seen | https://t.me/cibsecurity/42604...
CVE-2022-25762
CVE-2022-25762 is a concrete vulnerability in Apache Tomcat affecting WebSocket handling. When a WebSocket message is sent concurrently with closing the connection on Tomcat 8.5.0–8.5.75 or 9.0.0.M1–9.0.20, the application may continue to use a socket after it has been closed. The described error...
CVE-2022-25762
A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be plac...
Apache Tomcat Request Mix-up Vulnerability (May 2022) - Windows
Apache Tomcat is prone to a request mix-up vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...
Apache Tomcat 9.0.0.M1 < 9.0.21
The version of Tomcat installed on the remote host is prior to 9.0.21. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.21_security-9 advisory. - If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running ...
CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:4847)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4847 advisory. - jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 - bootstrap: XSS in the data-target attribute CVE-2016-10735 - bootstrap:...