
42 matches found

Debian
added 2020/10/14 12:5 p.m., 46 views

[SECURITY] [DLA 2407-1] tomcat8 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2407-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 14, 2020 https://wiki.debian.org/LTS -...

CVSS 4.3, AI score 5.1, EPSS 0.12123
Exploits: 0
CNVD
added 2020/04/15 12:0 a.m., 2 views

Oracle Weblogic SOAPInvokeState Remote Code Execution Vulnerability

WebLogic is an application server produced by Oracle Corporation of the United States. It is Java EE architecture-based middleware used to develop, integrate, deploy and manage large-scale distributed Web applications, network applications and database applications. WebLogic is used to...

CVSS 7.2, AI score 9.3, EPSS 0.0154
Exploits: 0, References: 1
NVD
added 2019/07/10 8:15 p.m., 17 views

CVE-2019-0327

SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...

CVSS 7.2, AI score 7, EPSS 0.00704
Exploits: 0, References: 3
Cvelist
added 2019/07/10 7:9 p.m., 17 views

CVE-2019-0327

SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...

AI score 7.1, EPSS 0.00704
Exploits: 0, References: 3
CVE
added 2019/07/10 7:9 p.m., 154 views

CVE-2019-0327

This CVE affects SAP NetWeaver for Java Application Server Web Container. The vulnerability allows an attacker to upload files (including script files) due to inadequate file format validation in engineapi (versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) and servercode (versions 7.2, 7.3, 7.31, 7.4, 7.5)...

CVSS 7.2, AI score 7, EPSS 0.00704
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2019/03/12 10:29 p.m., 17 views

CVE-2019-0275

SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server J2EE-APPS, versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting XSS vulnerability...

CVSS 5.4, AI score 5.3, EPSS 0.00238
Exploits: 0, References: 3
CNVD
added 2016/11/10 12:0 a.m., 2 views

SAP NetWeaver Java AS 'Webdynpro' Component Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in the SAP NetWeaver Java AS 'Webdynpro' component, which could b...

AI score 6.5
Exploits: 0, References: 1
CNVD
added 2016/08/27 12:0 a.m., 2 views

SAP NetWeaver AS JAVA Denial of Service Vulnerability

SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. SAP NetWeaver AS Java is an application server that runs in NetWeaver and is based on the Java programming language. A denial of service vulnerability...

AI score 6.7
Exploits: 0, References: 1
CNVD
added 2016/04/12 12:0 a.m., 2 views

SAP NetWeaver AS JAVA Internet Communication Manager Component Denial of Service Vulnerability

SAP NetWeaver is a service-oriented, integrated application platform from SAP that provides a development and runtime environment for SAP applications. SAP NetWeaver AS Application Server Java is an application server that runs in NetWeaver and is based on the Java programming language. Internet...

CVSS 7.5, AI score 9.1, EPSS 0.03697
Exploits: 0, References: 1
CNVD
added 2016/04/08 12:0 a.m., 2 views

SAP NetWeaver Java AS XML DAS Vulnerability

SAP NetWeaver is SAP's integrated technology platform and the technology foundation for all SAP applications since SAP Business Suite. A security vulnerability exists in SAP NetWeaver Java AS where the XML DAS service does not check authorization, which can be exploited by remote attackers to gai...

CVSS 8.8, AI score 7.1, EPSS 0.00476
Exploits: 0, References: 1
CNVD
added 2015/11/01 12:0 a.m., 2 views

SAP NetWeaver AS JAVA Unauthorized Access Vulnerability

SAP NetWeaver is an integrated, service-oriented application platform. SAP NetWeaver AS Java is an application server that runs in NetWeaver and is based on the Java programming language. An unauthorized access vulnerability exists in SAP NetWeaver AS Java, which could be exploited by remote...

AI score 6.7
Exploits: 0, References: 1
RedHat Linux
added 2015/10/15 3:28 p.m., 43 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 jboss-ec2-eap update

Updated jboss-ec2-eap packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat JBoss Enterprise Application Platform 6.4.4 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact...

CVSS 6.8, AI score 7.3, EPSS 0.01515
Exploits: 0, References: 5
securityvulns
added 2014/12/02 12:0 a.m., 46 views

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secrettoken values. With these values,...

CVSS 9.3, AI score 7.9, EPSS 0.09339
Exploits: 3
NVD
added 2014/04/30 2:22 p.m., 18 views

CVE-2014-3133

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection...

CVSS 5, AI score 6.6, EPSS 0.00354
Exploits: 0, References: 5
Prion
added 2014/04/30 2:22 p.m., 20 views

Design/Logic Flaw

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection...

CVSS 5, AI score 7.2, EPSS 0.00354
Exploits: 0, References: 5
Cvelist
added 2014/04/30 2:0 p.m., 20 views

CVE-2014-3133

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection...

AI score 6.6, EPSS 0.00354
Exploits: 0, References: 5
0day.today
added 2013/06/10 12:0 a.m., 45 views

Resin Application Server 4.0.36 XSS / Source Code Disclosure

Resin Application Server version 4.0.36 suffers from cross-site scripting and source code disclosure vulnerabilities. Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional...

AI score 6.8
Exploits: 0
Nmap
added 2012/05/14 9:30 p.m., 145 views

ajp-request NSE Script

Requests a URI over the Apache JServ Protocol and displays the result or stores it in a file. Different AJP methods such as GET, HEAD, TRACE, PUT or DELETE may be used. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers. Scri...

CVSS 10, AI score 9.3, EPSS 0.94176
Exploits: 33
Exploit DB
added 2012/03/19 12:0 a.m., 38 views

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...

AI score 7.4
Exploits: 0
Check Point Advisories
added 2009/04/27 12:0 a.m., 7 views

Oracle BEA WebLogic IIS connector JSESSIONID Stack Buffer Overflow (CVE-2008-5457)

BEA WebLogic is a Java Application Server platform typically used as the platform for large enterprise web applications. Specifically, the vulnerability exists in the connector software for Apache HTTP server shipped with BEA WebLogic. BEA WebLogic Platform ships with a connector for Apache HTTP...

CVSS 10, AI score 6.2, EPSS 0.81836
Exploits: 12