Lucene search
K

174 matches found

RedHat Linux
RedHat Linux
added 2017/07/25 5:46 p.m.6 views

tomcat: Security constrained bypass in error page mechanism

A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page...

7.5CVSS7.2AI score0.16567EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2017/06/21 12:0 a.m.51 views

Debian DLA-996-1 : tomcat7 security update

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...

7.5CVSS7.8AI score0.16567EPSS
Exploits1References3
OSV
OSV
added 2017/06/06 12:0 a.m.5 views

UBUNTU-CVE-2017-5664

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...

7.5CVSS7.1AI score0.16567EPSS
Exploits1References5
Apache Tomcat
Apache Tomcat
added 2017/05/16 12:0 a.m.72 views

Fixed in Apache Tomcat 7.0.78

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

7.5CVSS7.6AI score0.16567EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2017/05/10 12:0 a.m.60 views

Fixed in Apache Tomcat 9.0.0.M21

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

7.5CVSS7.6AI score0.16567EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2017/05/10 12:0 a.m.65 views

Fixed in Apache Tomcat 8.5.15

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

7.5CVSS7.6AI score0.16567EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2015/03/31 5:0 p.m.6 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...

4.3CVSS6.6AI score0.07616EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/03/24 9:5 p.m.4 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/03/11 4:51 p.m.5 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.4 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...

4.3CVSS6.6AI score0.07616EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.2 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/09 3:16 p.m.6 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/07 2:49 p.m.10 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/07 2:49 p.m.7 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/07 2:49 p.m.5 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 security update

Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

5CVSS6.7AI score0.2006EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/07/03 5:0 p.m.3 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1378/info Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet. If an ht...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.67 views

IBM Websphere Application Server 2.0./3.0/3.0.2 .1 Showcode Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1500/info Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory. This is possib...

7.1AI score
Exploits0
Debian CVE
Debian CVE
added 2014/05/31 10:0 a.m.35 views

CVE-2014-0096

Removed by vendor...

4.3CVSS6.9AI score0.06905EPSS
Exploits0
CVE
CVE
added 2014/05/31 10:0 a.m.173 views

CVE-2014-0096

CVE-2014-0096 affects Apache Tomcat: DefaultServlet.jspXXE via XML External Entity in XSLT; tracked in Tomcat 6/7/8 lines (older than 6.0.40, 7.x < 7.0.53, 8.x

4.3CVSS7.8AI score0.06905EPSS
Exploits0References48Affected Software1
Rows per page
Query Builder