38 matches found
CLEANSTART-2026-MR27796 Security fixes for CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708, CVE-2025-31650, CVE-2025-31651 applied in versions: 10.1.53-r0, 9.0.58-r0, 9.0.63-r0, 9.0.64-r0, 9.0.68-r0, 9.0.70-r0, 9.0.71-r0, 9.0.73-r0, 9.0.80-r0
Multiple security vulnerabilities affect the tomcat10 package. These issues are resolved in later releases. See references for individual vulnerability details...
Linux Distros Unpatched Vulnerability : CVE-2022-45143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some...
RHEL 9 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - tomcat: JsonErrorReportValve injection...
RHEL 8 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Session fixation when using FORM authentication CVE-2019-17563 - tomcat: JsonErrorReportValve...
RHEL 9 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Fix for CVE-2023-24998 was incomplete CVE-2023-28709 Note that Nessus has not tested for this issue but has...
Atlassian Confluence 7.13.x / 7.19.1 < 7.19.16 (CONFSERVER-93173)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93173 advisory. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . Multiple CVEs
Summary There is a vulnerability in Apache Tomcat that could allow a remote attacker to bypass security restrictions and obtain sensitive information, The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-45143
Summary There is a vulnerability in Apache Tomcat could allow a remote attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apach...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Apache Tomcat (CVE-2022-45143).
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Apache Tomcat caused by the JsonErrorReportValve function not escaping the type, message or description values CVE-2022-45143. Apache Tomcat is included as part of our speech...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2)
The version of AOS installed on the remote host is prior to 6.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2 advisory. - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain...
Oracle MySQL Enterprise Monitor (Apr 2023 CPU)
The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the MySQL Workbench product of Oracle MySQL component: Workbench OpenSSL. Supported versions that are affected are 8.0.32...
K000133390: Apache Tomcat vulnerability CVE-2022-45143
Security Advisory Description The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply...
SUSE: Security Advisory (SUSE-SU-2023:1853-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated tomcat packages fix security vulnerability
Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2023:1853-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1853-1 advisory. - CVE-2022-45143: Fixed JsonErrorReportValve injection bsc1206840. Tenable has extracted the preceding description block...
SUSE-SU-2023:1853-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2022-45143: Fixed JsonErrorReportValve injection bsc1206840...
Low: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.2 release and security update
An update is now available for Red Hat JBoss Web Server 5.7.2 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.2 (RHSA-2023:1663)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1663 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
[SECURITY] [DSA 5381-1] tomcat9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5381-1 [email protected] https://www.debian.org/security/ Markus Koschany April 05, 2023 https://www.debian.org/security/faq -...
Nutanix AOS : (NXSA-AOS-6.6.0.5)
The version of AOS installed on the remote host is prior to 6.6.0.5. It is, therefore, affected by a vulnerability as referenced in the NXSA-AOS-6.6.0.5 advisory. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or...