30 matches found

The Hacker News
Added 2024/01/22 3:40 a.m. | 57 views

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...

CVSS 10 | AI score 8.2 | EPSS 0.94436
Exploits 30

Ubuntu
Added 2021/03/15 9:11 p.m. | 72 views

USN-4791-1: Apache Tomcat 7 vulnerabilities

It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote attacker could possibly use this vulnerability to redirect the traffic to an arbitrary proxy and obtain sensitive information. CVE-2016-5388 It was...

CVSS 8.1 | AI score 7.2 | EPSS 0.3676
Exploits 0

Tenable Nessus
Added 2021/01/25 12:00 a.m. | 35 views

Debian DSA-4835-1 : tomcat9 - security update

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4835. The text itself is copyright ©...

CVSS 7.5 | AI score 6.9 | EPSS 0.12123
Exploits 0 | References 5

Ubuntu
Added 2020/10/21 1:55 p.m. | 117 views

USN-4596-1: Tomcat vulnerabilities

It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. CVE-2020-11996 It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/...

CVSS 7.5 | AI score 7.5 | EPSS 0.93464
Exploits 16

OpenVAS
Added 2020/07/17 12:00 a.m. | 38 views

Debian: Security Advisory (DLA-2279-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright © by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8 | EPSS 0.93464
Exploits 15 | References 4

Tenable Nessus
Added 2020/03/06 12:00 a.m. | 65 views

Debian DLA-2133-1 : tomcat7 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...

CVSS 9.8 | AI score 7.7 | EPSS 0.94469
Exploits 44 | References 5

Debian
Added 2019/08/13 7:30 p.m. | 203 views

[SECURITY] [DLA 1883-1] tomcat8 security update

Package: tomcat8 | Version: 8.0.14-1+deb8u15 | CVE ID: CVE-2016-5388 CVE-2018-8014 CVE-2019-0221 | Debian Bug: 929895 898935. Several minor issues have been fixed in tomcat8, a Java Servlet and JSP engine. CVE-2016-5388 Apache Tomcat, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18...

CVSS 9.8 | AI score 8 | EPSS 0.61177
Exploits 3

Tenable Nessus
Added 2018/07/30 12:00 a.m. | 55 views

Debian DLA-1450-1 : tomcat8 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1304 The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat when used as part of a security constraint definition. This caused the...

CVSS 6.5 | AI score 7.1 | EPSS 0.21578
Exploits 2 | References 4

Debian
Added 2018/03/06 1:24 p.m. | 51 views

[SECURITY] [DLA 1301-1] tomcat7 security update

Package: tomcat7 | Version: 7.0.28-4+deb7u18 | CVE ID: CVE-2018-1304 CVE-2018-1305. Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2018-1304 The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache...

CVSS 6.5 | AI score 7.7 | EPSS 0.21578
Exploits 2

Tenable Nessus
Added 2017/06/23 12:00 a.m. | 46 views

Debian DSA-3892-1 : tomcat7 - security update

Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacemen...

CVSS 7.5 | AI score 7.9 | EPSS 0.10802
Exploits 1 | References 6

Debian
Added 2017/06/22 8:05 a.m. | 42 views

[SECURITY] [DSA 3891-1] tomcat8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3891-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 22, 2017 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.7 | EPSS 0.10802
Exploits 1

Tenable Nessus
Added 2017/05/04 12:00 a.m. | 67 views

Debian DSA-3842-1 : tomcat7 - security update

Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine. - CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. - CVE-2017-5648 Some application listeners calls were issued against the wrong...

CVSS 9.1 | AI score 7.8 | EPSS 0.21758
Exploits 0 | References 6

Tenable Nessus
Added 2017/05/04 12:00 a.m. | 52 views

Debian DSA-3843-1 : tomcat8 - security update

Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine. - CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. - CVE-2017-5648 Some application listeners calls were issued against the wrong...

CVSS 9.1 | AI score 7.8 | EPSS 0.21758
Exploits 0 | References 8

OpenVAS
Added 2017/05/02 12:00 a.m. | 43 views

Debian: Security Advisory (DSA-3843-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright © by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 8.9 | EPSS 0.21758
Exploits 0 | References 3

RedHat Linux
Added 2017/03/14 5:32 p.m. | 37 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8 | AI score 7.1 | EPSS 0.13832
Exploits 5 | References 5

Veracode
Added 2017/02/22 2:23 a.m. | 45 views

Denial Of Service (DoS) Via Infinite Loop

tomcat-coyote is vulnerable to denial of service (DoS) attacks. The vulnerability is a result of backporting a fix for CVE-2016-6816 but not backporting the fix for the Tomcat bug 57544, which fails to handle an exceptional condition check for pos while processing HTTPS requests in the Apache Tomcat...

CVSS 7.5 | AI score 7.1 | EPSS 0.13832
Exploits 5 | References 18 | Affected Software 77

Mageia
Added 2017/02/18 9:05 p.m. | 52 views

Updated tomcat packages fix security vulnerability

It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure CVE-2016-8745...

CVSS 7.5 | AI score 0.2 | EPSS 0.1091
Exploits 0 | References 3

Prion
Added 2017/02/17 7:59 a.m. | 31 views

Design/Logic Flaw

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 5 | AI score 7.2 | EPSS 0.13832
Exploits 5 | References 17 | Affected Software 2

Tenable Nessus
Added 2017/01/10 12:00 a.m. | 55 views

Debian DSA-3755-1 : tomcat8 - security update

It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

CVSS 7.5 | AI score 7.4 | EPSS 0.1091
Exploits 0 | References 3

OpenVAS
Added 2016/11/20 12:00 a.m. | 33 views

Debian: Security Advisory (DSA-3721-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright © by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 7.9 | EPSS 0.00936
Exploits 5 | References 3