Lucene search

18 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-2904

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.2 | EPSS 0.0592
Exploits 0 | References 65
SUSE CVE
added 2023/02/15 5:5 a.m. | 1 views

SUSE CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service assertion failure and daemon exit via a long string, as demonstrated by a crafted HTTP Vary header...

CVSS 7.5 | AI score 8 | EPSS 0.70316
Exploits 0 | References 7
IBM Security Bulletins
added 2021/04/28 6:35 p.m. | 37 views

Security Bulletin: Security vulnerability in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology

Summary: The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next...

CVSS 4.3 | AI score 0.4 | EPSS 0.0592
Exploits 0 | Affected Software 7
RedhatCVE
added 2019/10/26 12:44 a.m. | 24 views

CVE-2017-7561

It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...

CVSS 7.5 | AI score 0.6 | EPSS 0.01074
Exploits 0 | References 1
IBM Security Bulletins
added 2018/06/15 11:48 p.m. | 37 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Core (CVE-2017-7674, CVE-2017-7675)

Summary: Apache Tomcat could provide weaker than expected security, caused by the failure to add an HTTP Vary header (CVE-2017-7674). Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a flaw in the HTTP/2 implementation (CVE-2017-7675). Vulnerability Details: CVEID:...

CVSS 7.5 | AI score 0.3 | EPSS 0.0592
Exploits 0 | Affected Software 1
RedHat Linux
added 2018/01/03 10:49 a.m. | 118 views

Important: Red Hat Security Advisory: eap7-jboss-ec2-eap security update

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact o...

CVSS 9.8 | AI score 6.7 | EPSS 0.93891
Exploits 11 | References 12
RedHat Linux
added 2018/01/03 10:30 a.m. | 110 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 6

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 9.8 | AI score 6.8 | EPSS 0.93891
Exploits 11 | References 12
Tenable Nessus
added 2017/08/18 12:0 a.m. | 44 views

Amazon Linux AMI : tomcat7 (ALAS-2017-873)

Security constrained bypass in error page mechanism: While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an...

CVSS 9.1 | AI score 6.9 | EPSS 0.21758
Exploits 1 | References 4
Tenable Nessus
added 2017/08/18 12:0 a.m. | 78 views

Apache Tomcat 7.0.41 < 7.0.79

The version of Tomcat installed on the remote host is prior to 7.0.79. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.79_security-7 advisory. - The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0....

CVSS 4.3 | AI score 6.4 | EPSS 0.0592
Exploits 0 | References 4
Prion
added 2017/08/11 2:29 a.m. | 26 views

Design/Logic Flaw

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...

CVSS 4.3 | AI score 5.6 | EPSS 0.0592
Exploits 0 | References 29 | Affected Software 1
Debian CVE
added 2017/08/11 2:0 a.m. | 33 views

CVE-2017-7674

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...

CVSS 4.3 | AI score 6.4 | EPSS 0.0592
Exploits 0
UbuntuCve
added 2017/08/10 12:0 a.m. | 28 views

CVE-2017-7674

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...

CVSS 4.3 | AI score 6.8 | EPSS 0.0592
Exploits 0 | References 3
Amazon
added 2017/08/03 12:0 a.m. | 50 views

Important: tomcat8

Issue Overview: Security constrained bypass in error page mechanism: A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error...

CVSS 7.5 | AI score 7 | EPSS 0.10802
Exploits 1
Apache Tomcat
added 2017/07/01 12:0 a.m. | 52 views

Fixed in Apache Tomcat 8.0.45

Moderate: Cache Poisoning (CVE-2017-7674). The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. This was fixed in revision 1795815. The issue was reported as bug 61101 on ...

CVSS 4.3 | AI score 5.9 | EPSS 0.0592
Exploits 0 | Affected Software 1
Apache Tomcat
added 2017/06/26 12:0 a.m. | 63 views

Fixed in Apache Tomcat 8.5.16

Important: Security Constraint Bypass (CVE-2017-7675). The HTTP/2 implementation bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. This was fixed in revision 1796091. The issue was...

CVSS 7.5 | AI score 6.2 | EPSS 0.0592
Exploits 0 | Affected Software 1
Apache Tomcat
added 2017/06/26 12:0 a.m. | 52 views

Fixed in Apache Tomcat 9.0.0.M22

Important: Security Constraint Bypass (CVE-2017-7675). The HTTP/2 implementation bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. This was fixed in revision 1796090. The issue was...

CVSS 7.5 | AI score 6.2 | EPSS 0.0592
Exploits 0 | Affected Software 1
OSV
added 2016/02/27 5:59 a.m. | 5 views

CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service assertion failure and daemon exit via a long string, as demonstrated by a crafted HTTP Vary header...

CVSS 7.5 | AI score 7.4
Exploits 0 | References 11
UbuntuCve
added 2016/02/27 12:0 a.m. | 30 views

CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service assertion failure and daemon exit via a long string, as demonstrated by a crafted HTTP Vary header...

CVSS 7.5 | AI score 7.2 | EPSS 0.70316
Exploits 0 | References 3