43 matches found
EUVD-2016-4572
Malware in sbrugna...
EUVD-2008-5389
Malware in sbrugna...
Exploit for Inadequate Encryption Strength in Apache Tomcat
CVE-2024-52318 🚨🚨CVE-2024-52318 - Apache Tomcat XSS Vulnerabil...
Fixed in Apache Tomcat 11.0.1
Important: XSS in generated JSPs CVE-2024-52318 The fix for improvement 69333 caused pooled JSP tags not to be released after use which in turn could cause output of some tags not to escaped as expected. This unescaped output could lead to XSS. This was fixed with commit 8d1fc473. This issue was...
Mageia: Security Advisory (MGASA-2017-0352)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2021-24122)
Summary Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID: CVE-2021-24122 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive...
Fixed in Apache Tomcat 8.5.60
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Fixed in Apache Tomcat 7.0.107
Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...
Cross-Site Scripting (XSS)
tomcat5 is vulnerable to cross-site scripting. Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks...
CVE-2019-12407
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive...
Spoofing
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
FreeBSD : payara -- Code execution via crafted PUT requests to JSPs (22bc5327-f33f-11e8-be46-0019dbb15b3f)
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
Debian: Security Advisory (DLA-1108-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-12616
Removed by vendor...
CVE-2017-12616
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
[ASA-201709-17] tomcat7: information disclosure
Arch Linux Security Advisory ASA-201709-17 ========================================== Severity: Medium Date : 2017-09-19 CVE-ID : CVE-2017-12616 Package : tomcat7 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-408 Summary ======= The package tomcat7 before...
EUVD-2022-4402
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...
CVE-2016-3546
Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs...
CVE-2016-3546
Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs...