
53 matches found

Redos
added 2024/07/29 12:0 a.m. | 27 views

ROS-20240729-02

An implementation vulnerability in the EncryptInterceptor class of Apache Tomcat application server is related to incomplete program execution documentation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.71653
Exploits: 5

Tenable Nessus
added 2024/07/12 12:0 a.m. | 29 views

RHEL 7 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: XSS in SSI printenv CVE-2019-0221 - The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14,...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.71653
Exploits: 9 | References: 3

Tenable Nessus
added 2024/06/03 12:0 a.m. | 43 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - Apache Tomcat 5.5.0 through...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.708
Exploits: 10 | References: 3

Tenable Nessus
added 2024/05/11 12:0 a.m. | 41 views

RHEL 7 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - tomcat: HTTP request smuggli...

AI score: 8 | EPSS: 0.71653
Exploits: 26 | References: 10

Tenable Nessus
added 2024/05/11 12:0 a.m. | 25 views

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - The HTTP/2 implementation in Apache...

AI score: 8.1 | EPSS: 0.72855
Exploits: 5 | References: 2

OSV
added 2024/03/06 11:9 a.m. | 49 views

BIT-TOMCAT-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks

The documentation of Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentialit...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.71653
Exploits: 5 | References: 7

Amazon
added 2023/09/25 12:0 a.m. | 10 views

Important: tomcat

Issue Overview: A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters an...

CVSS: 9.8 | AI score: 7 | EPSS: 0.99677
Exploits: 105

F5 Networks
added 2023/02/21 6:49 p.m. | 227 views

K47096851: Apache Tomcat vulnerability CVE-2022-29885

Security Advisory Description The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.71653
Exploits: 5

Tenable Nessus
added 2022/10/30 12:0 a.m. | 57 views

Debian DSA-5265-1 : tomcat9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5265 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if an attacker is able to control the...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.71653
Exploits: 20 | References: 11

Debian
added 2022/10/29 9:59 p.m. | 66 views

[SECURITY] [DSA 5265-1] tomcat9 security update

Debian Security Advisory DSA-5265-1 [email protected] https://www.debian.org/security/ Markus Koschany October 29, 2022 https://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.71653
Exploits: 20

Tenable Nessus
added 2022/08/05 12:0 a.m. | 71 views

Amazon Linux AMI : tomcat8 (ALAS-2022-1627)

The version of tomcat8 installed on the remote host is prior to 8.5.81-1.91. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1627 advisory. A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocke...

CVSS: 8.6 | AI score: 7.2 | EPSS: 0.71653
Exploits: 5 | References: 5

GithubExploit
added 2022/06/30 4:9 p.m. | 20 views

Exploit for Uncontrolled Resource Consumption in Apache Tomcat

CVE-2022-29885 The tool is only used for security research...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.71653
Exploits: 5

RedhatCVE
added 2022/06/07 2:29 a.m. | 87 views

CVE-2022-29885

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...

CVSS: 7.5 | AI score: 2.3 | EPSS: 0.71653
Exploits: 5 | References: 4

Apache Tomcat
added 2022/05/23 12:0 a.m. | 152 views

Fixed in Apache Tomcat 8.5.79

Low: Apache Tomcat EncryptInterceptor DoS CVE-2022-29885 The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.71653
Exploits: 5 | Affected Software: 1

Apache Tomcat
added 2022/05/16 12:0 a.m. | 135 views

Fixed in Apache Tomcat 9.0.63

Low: Apache Tomcat EncryptInterceptor DoS CVE-2022-29885 The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.71653
Exploits: 5 | Affected Software: 1

Apache Tomcat
added 2022/05/16 12:0 a.m. | 58 views

Fixed in Apache Tomcat 10.1.0-M15

Low: Apache Tomcat EncryptInterceptor DoS CVE-2022-29885 The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.71653
Exploits: 5 | Affected Software: 1

Veracode
added 2022/05/13 4:14 a.m. | 150 views

Denial Of Service (DoS)

org.apache.tomcat:tomcat is vulnerable to denial of service attacks. A malicious user is able to cause denial of service conditions, when running over an untrusted network because EncryptInterceptor does not provide protection against DoS attacks...

CVSS: 7.5 | AI score: 2.8 | EPSS: 0.71653
Exploits: 5 | References: 13 | Affected Software: 2

Github Security Blog
added 2022/05/13 12:1 a.m. | 25 views

Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.71653
Exploits: 5 | References: 11 | Affected Software: 1

OpenVAS
added 2022/05/13 12:0 a.m. | 25 views

Apache Tomcat EncryptInterceptor DoS Vulnerability (May 2022) - Windows

Apache Tomcat is prone to a denial of service (DoS) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.71653
Exploits: 5 | References: 5

Tenable Nessus
added 2022/05/13 12:0 a.m. | 26 views

Apache Tomcat 8.5.38 < 8.5.79 EncryptInterceptor DoS

The version of Apache Tomcat installed on the remote host is 8.5.38 to 8.5.78, 9.0.13 to 9.0.62, 10.0.0-M1 to 10.0.20 or 10.1.0-M1 to 10.1.0-M14. It is, therefore, affected by a denial of service vulnerability. The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.71653
Exploits: 5 | References: 2