174 matches found
tomcat: Security constrained bypass in error page mechanism
A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page...
Debian DLA-996-1 : tomcat7 security update
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...
UBUNTU-CVE-2017-5664
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...
Fixed in Apache Tomcat 7.0.78
Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
Fixed in Apache Tomcat 9.0.0.M21
Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
Fixed in Apache Tomcat 8.5.15
Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...
Tomcat/JBossWeb: XML parser hijack by malicious web application
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Tomcat/JBossWeb: XML parser hijack by malicious web application
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 security update
Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/1378/info Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet. If an ht...
IBM Websphere Application Server 2.0./3.0/3.0.2 .1 Showcode Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1500/info Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory. This is possib...
CVE-2014-0096
Removed by vendor...
CVE-2014-0096
CVE-2014-0096 affects Apache Tomcat: DefaultServlet.jspXXE via XML External Entity in XSLT; tracked in Tomcat 6/7/8 lines (older than 6.0.40, 7.x < 7.0.53, 8.x