Lucene search
K

171 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.2 views

SUSE CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services...

5.4CVSS7.4AI score0.10554EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.7 views

SUSE CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

6.1CVSS6.7AI score0.94494EPSS
Exploits3References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-10241

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...

6.1CVSS7.6AI score0.09591EPSS
Exploits0References3
OSV
OSV
added 2022/12/24 11:4 a.m.2 views

OESA-2022-2149 jetty security update

%global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content...

6.1CVSS6.5AI score0.09591EPSS
Exploits0References2
OSV
OSV
added 2022/12/17 11:4 a.m.4 views

OESA-2022-2140 jetty security update

%global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content...

6.1CVSS6.5AI score0.09591EPSS
Exploits0References2
OSV
OSV
added 2022/05/14 1:7 a.m.2 views

GHSA-XJGH-84HX-56C5 Unrestricted Upload of File with Dangerous Type Apache Tomcat

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

8.1CVSS7.2AI score0.99988EPSS
Exploits23References84
OSV
OSV
added 2022/05/13 1:46 a.m.40 views

GHSA-JMVV-524F-HJ5J Improper Handling of Exceptional Conditions in Apache Tomcat

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...

7.5CVSS6.5AI score0.16567EPSS
Exploits1References63
Github Security Blog
Github Security Blog
added 2022/05/13 1:46 a.m.39 views

Improper Handling of Exceptional Conditions in Apache Tomcat

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...

7.5CVSS7.6AI score0.16567EPSS
Exploits1References63Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/30 6:21 p.m.32 views

Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

7.5CVSS6.6AI score0.05254EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2022/04/30 6:21 p.m.22 views

GHSA-8V5P-2CPV-C2X6 Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

7.5CVSS6.4AI score0.05254EPSS
Exploits0References12
OSV
OSV
added 2022/04/30 6:20 p.m.26 views

GHSA-JXCV-V856-J5VG Apache Tomcat Source Code Disclosure

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

5CVSS6.3AI score0.1682EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2022/04/30 6:20 p.m.25 views

Apache Tomcat Source Code Disclosure

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

5CVSS6.5AI score0.1682EPSS
Exploits1References12Affected Software1
Broadcom
Broadcom
added 2020/07/06 12:0 a.m.11 views

BSA-2020-1046

Security Advisory ID : BSA-2020-1046 Component : Apache Tomcat Revision : 1.0: Final When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a speciall...

4.3CVSS6.7AI score0.94494EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2020/03/26 3:46 p.m.4 views

jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...

6.1CVSS7.3AI score0.09591EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/12/03 12:0 a.m.5 views

The vulnerability of Eclipse Jetty servlet containers arises from the lack of measures taken to protect the structure of web pages, allowing attackers to carry out XSS attacks.

The vulnerability of Eclipse Jetty servlet containers exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability allows a malicious actor to perform XSS attacks by using a specially crafted URL address for the DefaultServlet or ResourceHandler...

6.1CVSS6.4AI score0.09591EPSS
Exploits0References7Affected Software5
RedhatCVE
RedhatCVE
added 2019/11/02 9:34 a.m.46 views

CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

5.3CVSS4AI score0.94494EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2019/06/18 5:22 p.m.5 views

tomcat: Open redirect in default servlet

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

4.3CVSS6.8AI score0.94494EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.23 views

Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation

Binary data 700690.pasl...

7.5CVSS8AI score0.16567EPSS
Exploits1References2
OSV
OSV
added 2019/04/22 8:29 p.m.3 views

UBUNTU-CVE-2019-10241

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...

6.1CVSS6.7AI score0.09591EPSS
Exploits0References3
OSV
OSV
added 2019/04/22 8:29 p.m.2 views

DEBIAN-CVE-2019-10241

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...

6.1CVSS6.4AI score0.09591EPSS
Exploits0References1
Rows per page
Query Builder