1091 matches found
DSA-3447-1 tomcat7 - security update
Bulletin has no description...
DSA-3428-1 tomcat8 - security update
Bulletin has no description...
OpenMRS 2.3 (1.11.4) - Expression Language Injection
OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary: OpenMRS is an application...
OpenMRS 2.3 (1.11.4) - Expression Language Injection Vulnerability
Exploit for php platform in category web applications OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...
OpenMRS 2.3 (1.11.4) - Expression Language Injection
OpenMRS 2.3 1.11.4 - Expression Language Injection OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...
OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
CVE-2013-4486
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)
Binary data 8830.pasl...
Ubuntu 12.04 LTS : tomcat6 vulnerabilities (USN-2655-1)
It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. CVE-2014-0227 It was discovered that...
Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2654-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2654-1 advisory. It was discovered that the Tomcat XML parser incorrectly handled XML External Entities XXE. A remote attacker could possibly use this issue to read...
Ubuntu: Security Advisory (USN-2654-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Tomcat SecurityManager Security Bypass Vulnerability (Jun 2015) - Linux
Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
CVE-2014-7810
The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...
CVE-2014-7810
Removed by vendor...
UBUNTU-CVE-2014-7810
The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...
Apache Tomcat 7.0.0 < 7.0.59
The version of Tomcat installed on the remote host is prior to 7.0.59. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.59security-7 advisory. - The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before...
tomcat -- multiple vulnerabilities
Apache Software Foundation reports: Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be...
Fixed in Apache Tomcat 6.0.44
Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the...