Lucene search
K

100 matches found

Tenable Nessus
Tenable Nessus
added 2020/03/16 12:0 a.m.67 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1352)

The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...

9.8CVSS8.6AI score0.9927EPSS
Exploits45References7
RedHat Linux
RedHat Linux
added 2020/03/12 5:7 p.m.5 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

9.8CVSS7.2AI score0.04837EPSS
Exploits0References7
OSV
OSV
added 2020/03/10 7:4 p.m.32 views

MGASA-2020-0138 Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...

9.8CVSS8.2AI score0.9927EPSS
Exploits45References4
BDU FSTEC
BDU FSTEC
added 2020/03/10 12:0 a.m.6 views

Vulnerability of the Apache Jserv Protocol – the connection protocol of Apache Tomcat servers, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Jserv Protocol – the server for Apache Tomcat applications – is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.7AI score0.9927EPSS
Exploits45References13Affected Software14
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.66 views

Debian DLA-2133-1 : tomcat7 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References5
Debian
Debian
added 2020/03/04 6:14 p.m.109 views

[SECURITY] [DLA 2133-1] tomcat7 security update

Package : tomcat7 Version : 7.0.56-3+really7.0.100-1 CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was...

9.8CVSS9.2AI score0.9927EPSS
Exploits45
Veracode
Veracode
added 2019/05/02 4:53 a.m.64 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. It was discovered that modproxyajp, when used in configurations with modproxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP Apache JServ Protocol CPing request was responded to by...

5CVSS5.8AI score0.1747EPSS
Exploits1References51Affected Software35
OSV
OSV
added 2018/01/24 11:29 p.m.3 views

UBUNTU-CVE-2018-1048

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...

7.5CVSS7.2AI score0.0159EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/02/10 12:0 a.m.747 views

Apache JServ Protocol (AJP) v1.3 Detection (TCP)

TCP based detection of services supporting the Apache JServ Protocol AJP in version 1.3. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.34 views

RedHat Update for httpd RHSA-2013:0512-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS6.7AI score0.6477EPSS
Exploits4References5
Nmap
Nmap
added 2012/05/07 6:49 p.m.362 views

ajp-methods NSE Script

Discovers which options are supported by the AJP Apache JServ Protocol server by sending an OPTIONS request and lists potentially risky methods. In this script, "potentially risky" methods are anything except GET, HEAD, POST, and OPTIONS. If the script reports potentially risky methods, they may...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
added 2012/05/07 6:49 p.m.147 views

ajp-headers NSE Script

Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol server and returns the server response headers. Script Arguments ajp-headers.path The path to request, such as /index.php. Default /. slaxml.debug See the documentation for the...

10CVSS0.4AI score0.99448EPSS
Exploits33
RedHat Linux
RedHat Linux
added 2011/12/05 5:39 p.m.7 views

tomcat: authentication bypass and information disclosure

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...

7.5CVSS6.1AI score0.15226EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.9 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.2AI score0.10053EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/11/30 3:16 p.m.9 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.2AI score0.10053EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/10/14 4:15 p.m.4 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.2AI score0.10053EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/06/09 2:31 p.m.3 views

mod_jk: session information leak

The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...

2.6CVSS6AI score0.07263EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2009/04/23 6:48 p.m.3 views

mod_jk: session information leak

The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...

2.6CVSS6AI score0.07263EPSS
Exploits2References4
F5 Networks
F5 Networks
added 2006/06/20 12:0 a.m.27 views

SOL5790 - Security Advisory: Apache JServ Protocol vulnerability - JVN#79314822

Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. Information about this advisory is available at the following location:...

1.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/04/05 12:0 a.m.124 views

AJP Connector Detection

The remote host is running an AJP Apache JServ Protocol connector, a service by which a standalone web server such as Apache communicates over TCP with a Java servlet container such as Tomcat. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid21186; scriptversion"1.11";...

5.5AI score
Exploits0References2
Rows per page
Query Builder