20 matches found
TencentOS Server 3: tomcat (TSSA-2024:0045)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0045 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2023-42794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through...
Oracle Linux 9 : tomcat (ELSA-2024-3307)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3307 advisory. - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 - Resolves: RHEL-31032 tomcat: : Apache...
openSUSE Security Advisory (SUSE-SU-2024:0472-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2024:0472-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0472-1 advisory. Updated to Tomcat 9.0.85: - CVE-2023-45648: Improve trailer header parsing bsc1216118. - CVE-2023-42794: FileUpload:...
SUSE: Security Advisory (SUSE-SU-2024:0472-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-42794
creationtimestamp| type| source ---|---|--- 2024-01-28 07:15:28+00:00| seen| https://t.me/arpsyndicate/3247 2024-02-07 13:11:50+00:00| seen| https://t.me/ctinow/180683...
Moderate: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 9 : tomcat (RHSA-2024:0474)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0474 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5)
The version of AOS installed on the remote host is prior to 6.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through...
Moderate: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...
Security Bulletin: IBM DevOps Build 7.0.0 addresses multiple vulnerabilities.
Summary IBM DevOps Build 7.0.0 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer header, an attacker...
Security Bulletin: IBM Integration Bus is vulnerable to HTTP request smuggling and a denial of service due to Apache Tomcat. (CVE-2023-46589, CVE-2023-42794)
Summary IBM Integration Bus is vulnerable to HTTP request smuggling and a denial of service due to Apache Tomcat. Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.7 release and security update
Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...
Atlassian Confluence 7.19.1 < 7.19.16 / 8.3.x < 8.5.3 / 8.6.x < 8.6.1 (CONFSERVER-93164)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93164 advisory. - Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and...
Security Bulletin: IBM Integration Bus is vulnerable to multiple CVEs due to Apache Tomcat.
Summary Due to Apache Tomcat, IBM Integration Bus is vulnerable to multiple CVEs. CVE-2023-45648, CVE-2023-42794, CVE-2023-44487, CVE-2023-42795. Vulnerability Details CVEID: CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP...
CVE-2023-42794
CVE-2023-42794 is an Incomplete Cleanup vulnerability in Apache Tomcat’s internal Commons FileUpload fork. It affects Tomcat 9.0.70–9.0.80 and 8.5.85–8.5.93; a partially refactored, unreleased code path could leave an uploaded file stream open if not closed, causing the file to remain on disk and...
KLA61363 Multiple vulnerabilities in Apache Tomcat
Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in HTTP/2 protocol can be...
Fixed in Apache Tomcat 9.0.81
Important: Request smuggling CVE-2023-45648 Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...