33 matches found
Astra Linux - vulnerability in tomcat9
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
EUVD-2023-0546
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-45143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some...
ROS-20240729-04
A vulnerability in the JsonErrorReportValve class of the Apache Tomcat application server is related to a flaw in the mechanism for encoding or escaping output data. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of protected information...
RHEL 8 : tomcat (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Session fixation when using FORM authentication CVE-2019-17563 - tomcat: JsonErrorReportValve...
RHEL 8 : tomcat (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Fix for CVE-2023-24998 was incomplete CVE-2023-28709 Note that Nessus has not tested for this issue but has...
BIT-TOMCAT-2022-45143 Apache Tomcat: JsonErrorReportValve escaping
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
tomcat: JsonErrorReportValve injection
A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values...
SUSE: Security Advisory (SUSE-SU-2023:1853-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2023:1853-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1853-1 advisory. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message ...
SUSE-SU-2023:1853-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2022-45143: Fixed JsonErrorReportValve injection (bsc#1206840)...
Debian DSA-5381-1 : tomcat9 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5381 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting...
Security Bulletin: App Connect Professional is affected by JsonErrorReportValve in Apache Tomcat.
Summary: App Connect Professional has addressed the JsonErrorReportValve vulnerability reported in Apache Tomcat. Vulnerability Details: CVEID: CVE-2022-45143. DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escaping the type, message or...
Arbitrary Code Injection
Tomcat Catalina is vulnerable to Arbitrary Code Injection. The vulnerability exists in the report function of JsonErrorReportValve.java due to improper escaping of inputs from JsonErrorReportValve which allows an attacker to inject invalid input values...
Apache Tomcat 9.0.0-M1 < 9.0.69 JsonErrorReportValve Injection
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.83, 9.0.0-M1 to 9.0.68 or 10.1.0-M1 to 10.1.1. It is, therefore, affected by a JsonErrorReportValve injection vulnerability. The JsonErrorReportValve did not escape the type, message or description values. In some...
Apache Tomcat 8.5.x < 8.5.84 JsonErrorReportValve Injection
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.83, 9.0.0-M1 to 9.0.68 or 10.1.0-M1 to 10.1.1. It is, therefore, affected by a JsonErrorReportValve injection vulnerability. The JsonErrorReportValve did not escape the type, message or description values. In some...
Apache Tomcat 10.1.0-M1 < 10.1.2 JsonErrorReportValve Injection
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.83, 9.0.0-M1 to 9.0.68 or 10.1.0-M1 to 10.1.1. It is, therefore, affected by a JsonErrorReportValve injection vulnerability. The JsonErrorReportValve did not escape the type, message or description values. In some...
Apache Tomcat JsonErrorReportValve Injection Vulnerability (Jan 2023) - Windows
Apache Tomcat is prone to a JsonErrorReportValve injection vulnerability...
Apache Tomcat JsonErrorReportValve Injection Vulnerability (Jan 2023) - Linux
Apache Tomcat is prone to a JsonErrorReportValve injection vulnerability...
Apache Tomcat improperly escapes input from JsonErrorReportValve
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...