10 matches found
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update
Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)
Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2011:156 tomcat5 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)
Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x : The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses CVE-2011-1184. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon...
Fixed in Apache Tomcat 5.5.34
Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...
Fixed in Apache Tomcat 6.0.33
Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...
Fixed in Apache Tomcat 7.0.19
Low: Information disclosure CVE-2011-2526 Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request...
[SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-2526: Apache Tomcat Information disclosure and availability vulnerabilities Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.18 Tomcat 6.0.0 to 6.0.32 Tomcat 5.5.0 to 5.0.33 Previous, unsupported...
Design/Logic Flaw
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...