Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-0439

Malware in sbrugna...

2.1CVSS6.4AI score0.00358EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2016-6797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not...

7.5CVSS6.3AI score0.0807EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.49 views

Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.5and8.0.37security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

9.1CVSS6.4AI score0.10303EPSS
Exploits5References20
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.22 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.0.m10security-9 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

9.1CVSS6.4AI score0.10303EPSS
Exploits5References13
OSV
OSV
added 2022/05/13 1:2 a.m.2 views

GHSA-Q6X7-F33R-3WXX Incorrect Authorization in Apache Tomcat

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

7.5CVSS6.7AI score0.0807EPSS
Exploits0References46
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.40 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

7.5CVSS0.4AI score0.0807EPSS
Exploits0Affected Software7
Ubuntu
Ubuntu
added 2020/09/30 12:55 p.m.109 views

USN-4557-1: Tomcat vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. CVE-2016-0762 Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain...

9.8CVSS7.1AI score0.90338EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2020/09/30 12:0 a.m.88 views

Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4557-1 advisory. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use...

9.8CVSS7.2AI score0.90338EPSS
Exploits12References8
Tenable Nessus
Tenable Nessus
added 2016/11/04 12:0 a.m.76 views

Apache Tomcat 8.5.0 < 8.5.5 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.5and8.0.37security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

9.1CVSS6.4AI score0.10303EPSS
Exploits5References20
Tenable Nessus
Tenable Nessus
added 2016/11/04 12:0 a.m.40 views

Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 Multiple Vulnerabilities

Binary data 9723.pasl...

5.9CVSS7.3AI score0.07991EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2016/11/01 9:17 a.m.35 views

CVE-2016-6797

It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not...

7.5CVSS1.6AI score0.0807EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2016/09/05 12:0 a.m.10 views

PT-2016-7116 · Apache +5 · Apache Tomcat +5

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.0.M9 Apache Tomcat versions 8.5.0 through 8.5.4 Apache Tomcat versions 8.0.0.RC1 through 8.0.36 Apache Tomcat versions 7.0.0 through 7.0.70 Apache Tomcat versions 6.0.0 through 6.0.45 Description: T...

9.8CVSS6.5AI score0.90338EPSS
Exploits12References172
NVD
NVD
added 2006/01/25 11:7 p.m.12 views

CVE-2006-0432

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources...

2.1CVSS6.5AI score0.00358EPSS
Exploits0References6
Prion
Prion
added 2006/01/25 11:7 p.m.16 views

Security feature bypass

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources...

2.1CVSS7.1AI score0.00358EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/01/25 11:0 p.m.48 views

CVE-2006-0432

CVE-2006-0432 concerns BEA WebLogic Server and WebLogic Express 9.0. The available connected documents indicate that when an Administrator uses the WebLogic Administration Console to add custom security policies, incorrect policies can be created, which prevents the server from properly protectin...

2.1CVSS6.5AI score0.00358EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2006/01/25 11:0 p.m.16 views

CVE-2006-0432

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources...

6.5AI score0.00358EPSS
Exploits0References6
Rows per page
Query Builder