Lucene search
+L

138 matches found

securityvulns
securityvulns
added 2014/02/28 12:0 a.m.173 views

[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4286 Incomplete fix for CVE-2005-2090 Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 - - Apache Tomcat 7.0.0 to 7.0.42 - - Apache Tomcat 6.0.0 to 6.0.37...

5.8CVSS0.3AI score0.29784EPSS
Exploits4
NVD
NVD
added 2014/02/26 2:55 p.m.21 views

CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS8.2AI score0.16833EPSS
Exploits2References45
Prion
Prion
added 2014/02/26 2:55 p.m.27 views

Design/Logic Flaw

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS7.2AI score0.29784EPSS
Exploits4References45Affected Software1
CVE
CVE
added 2014/02/26 11:0 a.m.771 views

CVE-2013-4286

CVE-2013-4286 affects Apache Tomcat: HTTP/AJP connectors may mishandle inconsistent headers, allowing remote request-smuggling via multiple Content-Length headers or Content-Length with Transfer-Encoding: chunked. Affected: Tomcat 6.x before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3. Ro...

5.8CVSS9.3AI score0.16833EPSS
Exploits2References45Affected Software1
UbuntuCve
UbuntuCve
added 2014/02/26 12:0 a.m.40 views

CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS6.8AI score0.16833EPSS
Exploits2References5
OSV
OSV
added 2014/02/26 12:0 a.m.6 views

UBUNTU-CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS6.8AI score0.16833EPSS
Exploits2References6
Apache Tomcat
Apache Tomcat
added 2013/09/23 12:0 a.m.37 views

Fixed in Apache Tomcat 8.0.0-RC3

Note: The issue below was fixed in Apache Tomcat 8.0.0-RC2 but the release vote for 8.0.0-RC2 did not pass. Therefore, although users must download 8.0.0-RC3 to obtain a version that includes a fix for this issue, version 8.0.0-RC2 is not included in the list of affected versions. Important:...

6.3AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2012/05/21 4:28 p.m.6 views

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS6.1AI score0.00699EPSS
Exploits1References4
NVD
NVD
added 2011/07/14 11:55 p.m.21 views

CVE-2011-2526

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS4.6AI score0.00699EPSS
Exploits1References35
Debian CVE
Debian CVE
added 2011/07/14 11:0 p.m.29 views

CVE-2011-2526

Removed by vendor...

4.4CVSS5AI score0.00699EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2011/02/15 12:0 a.m.47 views

Apache Tomcat 7.0.0 < 7.0.8

The version of Tomcat installed on the remote host is prior to 7.0.8. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.8security-7 advisory. - Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for...

5CVSS5.6AI score0.07885EPSS
Exploits0References3
NVD
NVD
added 2011/02/10 6:0 p.m.17 views

CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

5CVSS4.3AI score0.07885EPSS
Exploits0References18
Prion
Prion
added 2011/02/10 6:0 p.m.24 views

Design/Logic Flaw

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

5CVSS6.9AI score0.07885EPSS
Exploits0References18Affected Software1
CVE
CVE
added 2011/02/10 5:0 p.m.108 views

CVE-2011-0534

CVE-2011-0534 affects Apache Tomcat 7.0.0–7.0.6 and 6.0.0–6.0.30. The issue arises because maxHttpHeaderSize is not enforced for NIO HTTP connector requests, enabling remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. Affected products are Tomcat 7/6 family as...

5CVSS5.7AI score0.07885EPSS
Exploits0References18Affected Software1
Cvelist
Cvelist
added 2011/02/10 5:0 p.m.28 views

CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

4.4AI score0.07885EPSS
Exploits0References18
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.125 views

[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-0534 Apache Tomcat DoS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.6 - - Tomcat 6.0.0 to 6.0.30 Description: Tomcat did not enforce the maxHttpHeaderSize limit while...

5CVSS0.2AI score0.07885EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.5 views

Tomcat vulnerable in request processing

Overview Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat...

2.6CVSS4.9AI score0.06521EPSS
Exploits0References13
NVD
NVD
added 2005/12/31 5:0 a.m.23 views

CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

7.8CVSS7.5AI score0.03474EPSS
Exploits0References5
Rows per page
Query Builder