BIT-TOMCAT-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.13, from 9.0.0 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process...

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2024:0472-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0472-1 advisory. - Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache...

K000138178: Apache Tomcat vulnerability CVE-2023-42795

Security Advisory Description Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to...

MGASA-2023-0319 Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error cou...

Input validation

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...

CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...

CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.6 (RHSA-2023:6206)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6206 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

CVE-2023-42795

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information. Mitigati...

Apache Tomcat 10.1.0-M1 < 10.1.14 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

Apache Tomcat 11.0.0-M1 < 11.0.0-M12 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

Apache Tomcat Incomplete Cleanup vulnerability

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recyclin...

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

Input validation

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

CVE-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

Apache Tomcat 10.1.0.M1 < 10.1.14 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.14security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11,...

Remote code execution

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...