
57 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-2799

Malicious code in bioql PyPI...

5.3 CVSS | 7.5 AI score | 0.62079 EPSS | Exploits 2 | References 13
SUSE CVE
added 2025/02/14 6:11 a.m. | 7 views

SUSE CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

7.5 CVSS | 7.5 AI score | 0.62079 EPSS | Exploits 2 | References 6
Tenable Nessus
added 2024/11/13 12:0 a.m. | 21 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-7106-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7106-1 advisory. It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with request...

6.3 CVSS | 7.1 AI score | 0.62079 EPSS | Exploits 2 | References 6
Ubuntu
added 2024/09/24 8:19 p.m. | 4 views

USN-7032-1: Tomcat vulnerability

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling...

7.5 CVSS | 7.1 AI score | 0.53163 EPSS | Exploits 0
Tenable Nessus
added 2024/03/07 12:0 a.m. | 40 views

Oracle Linux 9 : tomcat (ELSA-2024-1134)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1134 advisory. 1:9.0.62-37.el93.2 - Resolves: 2252050 HTTP request smuggling via malformed trailer headers CVE-2023-46589 Tenable has extracted the preceding description block...

7.5 CVSS | 7 AI score | 0.53163 EPSS | Exploits 0 | References 2
OSV
added 2024/03/06 11:7 a.m. | 37 views

BIT-TOMCAT-2023-45648 Apache Tomcat: Trailer header parsing too lenient

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.13, from 9.0.0 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a...

5.3 CVSS | 6.7 AI score | 0.62079 EPSS | Exploits 2 | References 7
Tenable Nessus
added 2024/02/17 12:0 a.m. | 83 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2024:0472-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0472-1 advisory. - Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache...

7.8 CVSS | 7 AI score | 0.62079 EPSS | Exploits 2 | References 18
Tenable Nessus
added 2024/02/12 12:0 a.m. | 36 views

Rocky Linux 8 : tomcat (RLSA-2024:0539)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0539 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82...

7.5 CVSS | 6.9 AI score | 0.53163 EPSS | Exploits 0 | References 3
OSV
added 2024/02/08 7:24 p.m. | 1 views

CLSA-2024-1707420277 Fix CVE(s): CVE-2023-46589

SECURITY UPDATE: Incorrect parsing of HTTP trailer headers - debian/patches/CVE-2023-46589.patch: Ensure IOException on request read always triggers error handling - CVE-2023-46589 Internal tests: - debian/patches/0100-stop-testing-if-a-failure-occurs.patch: Stop testing if a failure occurs -...

7.5 CVSS | 6.8 AI score | 0.53163 EPSS | Exploits 0 | References 1
Tenable Nessus
added 2024/01/30 12:0 a.m. | 27 views

Oracle Linux 8 : tomcat (ELSA-2024-0539)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0539 advisory. 1:9.0.62-27.3 - tomcat: HTTP request smuggling via malformed trailer headers CVE-2023-46589 Tenable has extracted the preceding description block directly from...

7.5 CVSS | 7 AI score | 0.53163 EPSS | Exploits 0 | References 2
Tenable Nessus
added 2024/01/30 12:0 a.m. | 35 views

AlmaLinux 8 : tomcat (ALSA-2024:0539)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0539 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 a...

7.5 CVSS | 6.9 AI score | 0.53163 EPSS | Exploits 0 | References 2
Tenable Nessus
added 2024/01/29 12:0 a.m. | 31 views

RHEL 8 : tomcat (RHSA-2024:0539)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0539 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: HTTP request smuggling via...

7.5 CVSS | 7 AI score | 0.53163 EPSS | Exploits 0 | References 4
OSV
added 2024/01/25 12:0 a.m. | 37 views

ALSA-2024:0474 Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

6.1 CVSS | 6.7 AI score | 0.62079 EPSS | Exploits 2 | References 10
Tenable Nessus
added 2024/01/25 12:0 a.m. | 37 views

SUSE SLES12 Security Update : tomcat (SUSE-SU-2024:0206-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0206-1 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from...

7.5 CVSS | 6.9 AI score | 0.53163 EPSS | Exploits 0 | References 4
Amazon
added 2024/01/22 12:0 a.m. | 27 views

Medium: tomcat8

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

7.5 CVSS | 7.7 AI score | 0.53163 EPSS | Exploits 0
AlmaLinux
added 2024/01/10 12:0 a.m. | 49 views

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

6.1 CVSS | 7.3 AI score | 0.62079 EPSS | Exploits 2 | References 10
Tenable Nessus
added 2024/01/08 12:0 a.m. | 47 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2024-471)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-471 advisory. Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not...

7.5 CVSS | 6.8 AI score | 0.53163 EPSS | Exploits 0 | References 4
Debian
added 2024/01/05 9:40 a.m. | 22 views

[SECURITY] [DLA 3707-1] tomcat9 security update

Debian LTS Advisory DLA-3707-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 05, 2024 https://wiki.debian.org/LTS -...

7.5 CVSS | 7.8 AI score | 0.53163 EPSS | Exploits 0
Atlassian
added 2023/12/14 7:45 a.m. | 35 views

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS | 6.7 AI score | 0.53163 EPSS | Exploits 0
Tenable Nessus
added 2023/12/06 12:0 a.m. | 5 views

Apache Tomcat 9.0.0-M1 < 9.0.83 Request Smuggling

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.95, 9.0.0-M1 to 9.0.82 or 10.1.0-M1 to 10.1.15. It is, therefore, affected by a request smuggling vulnerability. Tomcat did not correctly parse HTTP trailer headers. A specially crafted trailer header that exceeded the head...

7.5 CVSS | 7.3 AI score | 0.53163 EPSS | Exploits 0 | References 2