100 matches found
Amazon Linux AMI : tomcat7 (ALAS-2020-1352)
The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
MGASA-2020-0138 Updated tomcat packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...
Vulnerability of the Apache Jserv Protocol – the connection protocol of Apache Tomcat servers, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Jserv Protocol – the server for Apache Tomcat applications – is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Debian DLA-2133-1 : tomcat7 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...
[SECURITY] [DLA 2133-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.100-1 CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. It was discovered that modproxyajp, when used in configurations with modproxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP Apache JServ Protocol CPing request was responded to by...
UBUNTU-CVE-2018-1048
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...
Apache JServ Protocol (AJP) v1.3 Detection (TCP)
TCP based detection of services supporting the Apache JServ Protocol AJP in version 1.3. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
RedHat Update for httpd RHSA-2013:0512-02
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
ajp-methods NSE Script
Discovers which options are supported by the AJP Apache JServ Protocol server by sending an OPTIONS request and lists potentially risky methods. In this script, "potentially risky" methods are anything except GET, HEAD, POST, and OPTIONS. If the script reports potentially risky methods, they may...
ajp-headers NSE Script
Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol server and returns the server response headers. Script Arguments ajp-headers.path The path to request, such as /index.php. Default /. slaxml.debug See the documentation for the...
tomcat: authentication bypass and information disclosure
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...
tomcat6 Denial-Of-Service with AJP connection
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...
tomcat6 Denial-Of-Service with AJP connection
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...
tomcat6 Denial-Of-Service with AJP connection
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...
mod_jk: session information leak
The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...
mod_jk: session information leak
The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...
SOL5790 - Security Advisory: Apache JServ Protocol vulnerability - JVN#79314822
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. Information about this advisory is available at the following location:...
AJP Connector Detection
The remote host is running an AJP Apache JServ Protocol connector, a service by which a standalone web server such as Apache communicates over TCP with a Java servlet container such as Tomcat. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid21186; scriptversion"1.11";...