Lucene search
K

37 matches found

Nuclei
Nuclei
added 5 days ago349 views

Apache Tomcat - Remote Code Execution

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

8.1CVSS6.8AI score0.99988EPSS
Exploits23References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/01 4:38 p.m.87 views

Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities

Summary Cloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to...

10CVSS10.3AI score0.99988EPSS
Exploits112Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.53 views

Apache Tomcat on Windows Remote Code Execution Vulnerability

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS2.6AI score0.99607EPSS
In wildExploits18
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.26 views

Apache Tomcat 9.0.x < 9.0.1 RCE

Binary data 700703.pasl...

8.1CVSS8.8AI score0.99988EPSS
Exploits23References2
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.30 views

Apache Tomcat 7.0.x < 7.0.82 RCE

Binary data 700675.pasl...

8.1CVSS8.3AI score0.99988EPSS
Exploits23References2
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.162 views

Apache Tomcat 7.0.x < 7.0.81 Multiple Vulnerabilities

Binary data 700674.pasl...

8.1CVSS7.2AI score0.99607EPSS
Exploits18References2
Veracode
Veracode
added 2019/01/15 9:19 a.m.66 views

Unrestricted File Upload

tomcat-catalina is vulnerable to remote code execution RCE attacks. On a Windows system with HTTP PUTs enabled a malicious user can upload a JSP file to the server which would then be executed...

8.1CVSS8.4AI score0.99607EPSS
Exploits18References21Affected Software10
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.88 views

Apache Tomcat 7.0.x < 7.0.82 Remote Code Execution via JSP Upload

The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.82. It is, therefore, affected by an unspecified vulnerability when running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default to false makes it possible to upload ...

8.1CVSS7.4AI score0.99988EPSS
Exploits23References2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.489 views

Apache Tomcat 8.5.x < 8.5.23 Remote Code Execution via JSP Upload

The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.23. It is, therefore, affected by an unspecified vulnerability when running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default to false that makes it possible to upload a JSP...

8.1CVSS7.4AI score0.99988EPSS
Exploits23References2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.56 views

Apache Tomcat 7.0.x < 7.0.81 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.81. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability when running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default to false...

8.1CVSS7.8AI score0.99988EPSS
Exploits39References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.25 views

Apache Tomcat 9.0.0.M1 < 9.0.1 Remote Code Execution via JSP Upload

The version of Apache Tomcat installed on the remote host is 9.0.0.M1 or later but prior to 9.0.1. It is, therefore, affected by an unspecified vulnerability when running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default to false that makes it possible t...

8.1CVSS7.5AI score0.99988EPSS
Exploits23References2
Github Security Blog
Github Security Blog
added 2018/10/17 4:30 p.m.76 views

When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

8.1CVSS1.7AI score0.99607EPSS
Exploits18References28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:23 a.m.60 views

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)

Summary Jazz Team Server is shipped as a component of Jazz Reporting Service JRS. Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-12617 DESCRIPTION: Apache Tomca...

8.1CVSS1AI score0.99988EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:23 a.m.64 views

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)

Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-12617 DESCRIPTION...

8.1CVSS0.9AI score0.99988EPSS
Exploits39Affected Software1
OpenVAS
OpenVAS
added 2018/06/05 12:0 a.m.66 views

Ubuntu: Security Advisory (USN-3665-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.5AI score0.99988EPSS
Exploits29References4
Tenable Nessus
Tenable Nessus
added 2018/05/31 12:0 a.m.129 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-3665-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3665-1 advisory. It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue...

9.8CVSS7.7AI score0.99988EPSS
Exploits29References7
Ubuntu
Ubuntu
added 2018/05/30 5:47 p.m.153 views

USN-3665-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-12616,...

9.8CVSS7.5AI score0.99988EPSS
Exploits29
Mageia
Mageia
added 2017/11/02 9:47 p.m.67 views

Updated tomcat packages fix security vulnerability

When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS1.6AI score0.99988EPSS
Exploits23References3
seebug.org
seebug.org
added 2017/10/10 12:0 a.m.941 views

Apache Tomcat Upload Bypass / Remote Code Execution(CVE-2017-12617)

CVE-2017-12617 CVE-2017-12617 critical Remote Code Execution RCE vulnerability discovered in Apache Tomcat affect systems with HTTP PUTs enabled via setting the "read-only" initialization parameter of the Default servlet to "false" are affected. Tomcat versions before 9.0.1 Beta, 8.5.23, 8.0.47 a...

6.8CVSS0.1AI score0.99988EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2017/10/06 12:0 a.m.164 views

Apache Tomcat 8.5.0 < 8.5.23

The version of Tomcat installed on the remote host is prior to 8.5.23. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.23security-8 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...

8.1CVSS7.8AI score0.99988EPSS
Exploits23References5
Rows per page
Query Builder