86 matches found
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...
GHSA-8QQ4-8JVQ-MFW4 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
GHSA-C5VW-342H-X5RX Alkacon OpenCms Exposes JSP Source Code
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...
GHSA-CWQ3-QP8V-W8Q3 Mortbay Jetty Discloses JSP Source Code
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (%5C) characters. NOTE: this might be the same issue as CVE-2006-2758...
Directory traversal
Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2435)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2021-2435)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39,...
CVE-2021-33667
Under certain conditions, SAP Business Objects Web Intelligence BI Launchpad versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted...
Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.0.0-m10_security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...
SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2021-1856)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107...
Apache Tomcat 7.0.0 < 7.0.107
The version of Tomcat installed on the remote host is prior to 7.0.107. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.107_security-7 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 t...
Apache Tomcat Information Disclosure Vulnerability (CNVD-2021-11841)
Apache Tomcat is a lightweight web application server from the Apache Software Foundation (United States). It implements Servlet and JavaServer Pages (JSP) support. A security vulnerability exists in Apache Tomcat that stems from inconsistent behavior of the JRE API File.getCanonicalPath with...
Apache Tomcat 9.0.0.M1 < 9.0.40 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.40_security-9 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...
PT-2020-20935
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.106; Apache Tomcat versions 8.5.0 through 8.5.59; Apache Tomcat versions 9.0.0.M1 through 9.0.39; Apache Tomcat versions 10.0.0-M1 through 10.0.0-M9. Description: When serving resources from a network locati...
Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
Source code disclosure vulnerability in Apache Tomcat VirtualDirContext class file handling. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...
MGASA-2017-0352 Updated tomcat packages fix security vulnerability
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances (CVE-2017-7674). When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...
Design/Logic Flaw
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
CVE-2015-0113
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...