BSA-2017-447
Security Advisory ID : BSA-2017-447 Component : Apache Revision : 2.0: Final When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to fals...
Apache Tomcat Remote Code Execution Vulnerability (CNVD-2017-30092)
Apache Tomcat is a popular open source JSP application server. Apache Tomcat has a remote code execution vulnerability. With HTTP PUT enabled in Apache Tomcat, an attacker can upload an arbitrary JSP file to the server via a crafted request, resulting in remote code execution...
CVE-2017-14105
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...
tomcat: security manager bypass via JSP Servlet config parameters
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
CMS4J suffers from an arbitrary file download vulnerability patch bypass vulnerability
CMS4J is a JSP-based CMS developed by Beijing Paidao Network. CMS4J has a patch bypass vulnerability for an arbitrary file download vulnerability. The vulnerability arises because the fix for the arbitrary file download in the DownloadFile servlet does not filter the requested file path strictly, c...
Nuxeo Platform Arbitrary File Upload Vulnerability
Nuxeo Platform is a content management system (CMS). An arbitrary file upload vulnerability exists in Nuxeo Platform. A remote attacker can exploit this vulnerability by placing '...' in the X-File-Name header to upload arbitrary JSP cod...
CVE-2016-5750
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users...
[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
UBUNTU-CVE-2016-6796
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
jakarta security update
CentOS Errata and Security Advisory CESA-2015:1695 Updated jakarta-taglibs-standard packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring Syste...
UBUNTU-CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file...
CVE-2014-3129
The Java Server Pages in the Software Lifecycle Manager SLM in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...
Tomcat/JBossWeb: Arbitrary file upload via deserialization
It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...
SAP Crystal Reports 2008 Directory Traversal
SAP Crystal Reports is a business intelligence application which is used to design and generate reports from various data sources. These sources include databases, spreadsheets, text files, XML files, etc. SAP Crystal Reports installation includes Tomcat Web server and various servlet components ...