18 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in tomcat9

The simplified implementation of blocking reads and writes introduced in Tomcat 10, and backported to Tomcat 9.0.47 and later versions, exposed a long-standing but extremely difficult to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, and...

CVSS 3.7 | AI score 6.8 | EPSS 0.00203
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-6865

Malicious code in bioql PyPI...

CVSS 3.7 | AI score 7.1 | EPSS 0.00203
Exploits: 0 | References: 16

OSV
added 2024/11/15 12:20 p.m., 5 views

OESA-2024-2403 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

CVSS 8.6 | AI score 6.8 | EPSS 0.944
Exploits: 20 | References: 8

OSV
added 2024/03/06 11:9 a.m., 37 views

BIT-TOMCAT-2021-43980 Apache Tomcat: Information disclosure

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.18, 9.0.0 to 9.0.60 and 8.5.0 to 8.5.77 that could...

CVSS 3.7 | AI score 6.6 | EPSS 0.00203
Exploits: 0 | References: 5

Amazon
added 2023/04/20 12:0 a.m., 51 views

Important: tomcat8

Issue Overview: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5...

CVSS 4.3 | AI score 7.7 | EPSS 0.00203
Exploits: 0

IBM Security Bulletins
added 2022/11/18 7:32 p.m., 40 views

Security Bulletin: Apache Tomcat could allow a remote attacker to obtain sensitive information (CVE-2021-43980)

Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain...

CVSS 3.7 | AI score 5.3 | EPSS 0.00203
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2022/10/04 12:0 a.m., 9 views

Apache Tomcat 8.5.x < 8.5.78 Information Disclosure

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.77, 9.0.0-M1 to 9.0.60, 10.0.0-M1 to 10.0.18 or 10.1.0-M1 to 10.1.0-M12. It is, therefore, affected by an information disclosure vulnerability. The simplified implementation of blocking reads and writes introduced in Tomcat ...

CVSS 3.7 | AI score 7 | EPSS 0.00203
Exploits: 0 | References: 2

Tenable Nessus
added 2022/10/04 12:0 a.m., 12 views

Apache Tomcat 10.0.0-M1 < 10.0.20 Information Disclosure

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.77, 9.0.0-M1 to 9.0.60, 10.0.0-M1 to 10.0.18 or 10.1.0-M1 to 10.1.0-M12. It is, therefore, affected by an information disclosure vulnerability. The simplified implementation of blocking reads and writes introduced in Tomcat ...

CVSS 3.7 | AI score 7 | EPSS 0.00203
Exploits: 0 | References: 2

Veracode
added 2022/10/03 8:39 a.m., 24 views

Information Disclosure

Apache Tomcat-Coyote is vulnerable to information disclosure. A remote unauthenticated attacker is able to cause client connections to share an Http11Processor instance resulting in responses or part responses to be received by a malicious client due to the simplified implementation of blocking...

CVSS 3.7 | AI score 2.1 | EPSS 0.00203
Exploits: 0 | References: 10 | Affected Software: 6

OSV
added 2022/09/29 12:0 a.m., 37 views

GHSA-JX7C-7MJ5-9438 Apache Tomcat Race Condition vulnerability

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

CVSS 3.7 | AI score 5.6 | EPSS 0.00203
Exploits: 0 | References: 13

OSV
added 2022/09/28 2:15 p.m., 1 views

DEBIAN-CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

CVSS 3.7 | AI score 6.7 | EPSS 0.00203
Exploits: 0 | References: 1

Prion
added 2022/09/28 2:15 p.m., 39 views

Design/Logic Flaw

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

CVSS 2.6 | AI score 4 | EPSS 0.00203
Exploits: 0 | References: 4 | Affected Software: 2

Debian CVE
added 2022/09/28 12:0 a.m., 40 views

CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

CVSS 3.7 | AI score 7.1 | EPSS 0.00203
Exploits: 0

Tenable Nessus
added 2022/09/28 12:0 a.m., 27 views

Apache Tomcat 10.1.0.M1 < 10.1.0.M14

The version of Tomcat installed on the remote host is prior to 10.1.0.M14. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.0-m14security-10 advisory. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to...

CVSS 3.7 | AI score 6.9 | EPSS 0.00203
Exploits: 0 | References: 3

Apache Tomcat
added 2022/04/01 12:0 a.m., 37 views

Fixed in Apache Tomcat 10.1.0-M14

Note: The issue below was fixed in Apache Tomcat 10.1.0-M13 but the release vote for the 10.1.0-M13 release candidate did not pass. Therefore, although users must download 10.1.0-M14 to obtain a version that includes a fix for these issues, version 10.1.0-M13 is not included in the list of affect...

CVSS 3.7 | AI score 5.4 | EPSS 0.00203
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2022/04/01 12:0 a.m., 766 views

Apache Tomcat 8.x < 8.5.78 Spring4Shell CVE-2021-43980

The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat...

CVSS 9.8 | AI score 7.5 | EPSS 0.94428
Exploits: 99 | References: 3

Apache Tomcat
added 2022/04/01 12:0 a.m., 41 views

Fixed in Apache Tomcat 10.0.20

Note: The issue below was fixed in Apache Tomcat 10.0.19 but the release vote for the 10.0.19 release candidate did not pass. Therefore, although users must download 10.0.20 to obtain a version that includes a fix for these issues, version 10.0.19 is not included in the list of affected versions...

CVSS 3.7 | AI score 5.4 | EPSS 0.00203
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2022/04/01 12:0 a.m., 1136 views

Apache Tomcat 9.0.0.M1 < 9.0.62 Spring4Shell CVE-2021-43980

The version of Apache Tomcat installed on the remote host is 9.x prior to 9.0.62. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat...

CVSS 9.8 | AI score 7.5 | EPSS 0.94428
Exploits: 99 | References: 3