CVE-2023-37525
A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...
BIT-TOMCAT-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.1, from 10.1.0 through 10.1.33, from 9.0.0 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0...
Spring gRPC 0.4.0 for great good!
NB : you can find the working code for this blog here There's a new release of the amazing—if experimental—Spring gRPC project: version 0.4.0. I won't get into the nitty-gritty of all that's new, but I just wanted to highlight how elated I am to use it and walk you through the step-by-step path t...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat (CVE-2024-56337, CVE-2024-52316 and CVE-2024-50379)
Summary IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat:...
FreeBSD : Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation (ed0a052a-c5e6-11ef-a457-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ed0a052a-c5e6-11ef-a457-b42e991fc52e advisory. [email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition The mitigation for...
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...
CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
CVE-2024-56337
TOCTOU Race Condition in Apache Tomcat (CVE-2024-56337) affects 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97. The issue stems from TOCTOU vulnerability during JSP compilation/default servlet write on case-insensitive file systems. Incomplete mitigation previously for CVE-2024-50379; g...
CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation
[email protected] reports: Time-of-check Time-of-use TOCTOU Race Condition. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may...
Apache Tomcat 10.1.0.M1 < 10.1.34 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.34. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.34security-10 advisory. - Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomc...
Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability (CVE-2023-32336)
Summary A remote code execution vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-32336 DESCRIPTION: IBM InfoSphere Information Server is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. CVSS...
Kotlin DSLs in the world of Springdom
Kotlin is a beautiful language that makes it trivial to take old Java libraries and make them much more concise, just by virtue of the Kotlin syntax itself. It shines, however, when you write DSLs. Here's some inside baseball for you: the Spring teams do their level-headed best to be cohesive, to...
SAP NetWeaver Java AS Cross-Site Scripting Vulnerability
SAP NetWeaver is SAP's integrated technology platform and the technology foundation for all SAP applications since SAP Business Suite. A cross-site scripting vulnerability exists in the SAP NetWeaver Java AS version 7.4 Configuration Wizard, which can be exploited by remote attackers to inject...
PostgreSQL Elevation of Privilege Vulnerability
PostgreSQL is an advanced object-relational database management system that supports an extended subset of SQL standards. A security vulnerability exists in PostgreSQL, which can be exploited by remote attackers to gain elevated privileges due to the failure of some versions to properly restrict...