Lucene search
K

11 matches found

Mageia
Mageia
added 2025/10/29 4:28 a.m.38 views

Updated tomcat packages fix security vulnerabilities

Directory traversal via rewrite with possible RCE if PUT is enabled. CVE-2025-55752 Console manipulation via escape sequences in log messages. CVE-2025-55754 Delayed cleaning of multi-part upload temporary files may lead to DoS. CVE-2025-61795...

9.6CVSS7AI score0.66535EPSS
Exploits4References4
OSV
OSV
added 2025/10/29 4:28 a.m.7 views

MGASA-2025-0250 Updated tomcat packages fix security vulnerabilities

Directory traversal via rewrite with possible RCE if PUT is enabled. CVE-2025-55752 Console manipulation via escape sequences in log messages. CVE-2025-55754 Delayed cleaning of multi-part upload temporary files may lead to DoS. CVE-2025-61795...

9.6CVSS6.8AI score0.66535EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.5 views

Apache Tomcat 9.0.40 < 9.0.109 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.109. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.109security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat...

9.6CVSS6.9AI score0.09917EPSS
Exploits0References4
OSV
OSV
added 2025/09/26 7:36 p.m.6 views

CLSA-2025-1758915354 httpd: Fix of 4 CVEs

CVE-2025-49630: fix denial of service attack triggered by untrusted clients causing an assertion in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients in modssl configurations - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack -...

9.1CVSS7.3AI score0.01149EPSS
Exploits1References1
Apache Tomcat
Apache Tomcat
added 2025/09/05 12:0 a.m.11 views

Fixed in Apache Tomcat 9.0.109

Low: Console manipulation via escape sequences in log messages CVE-2025-55754 Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS7.8AI score0.66535EPSS
Exploits4Affected Software1
OSV
OSV
added 2024/07/02 11:31 a.m.8 views

CLSA-2024-1719919908 sudo: Fix of 2 CVEs

CVE-2023-28486: escape control characters in log messages - CVE-2023-28487: escape control characters in sudoreplay output...

5.3CVSS6AI score0.00953EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.28 views

Oracle: Security Advisory (ELSA-2011-0909)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.15684EPSS
Exploits4References2
Apache Httpd
Apache Httpd
added 2013/03/13 12:0 a.m.41 views

Apache Httpd < 2.0.65 : mod_rewrite log escape filtering

modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

5.1CVSS1.5AI score0.24886EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2010/01/28 12:0 a.m.25 views

Varnish < 2.1.2 Log Escape Sequence Injection Vulnerability

Varnish is prone to a log escape sequence injection vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.2AI score0.12758EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2010/01/28 12:0 a.m.30 views

Varnish Log Escape Sequence Injection Vulnerability

This host is installed with Varnish and is prone to Log Escape Sequence Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbvarnishlogsescapesequenceinjvuln.nasl 5390 2017-02-21 18:39:27Z mime $ Varnish Log Escape Sequence Injection Vulnerability Authors: Antu Sanadi Copyright: Copyright c...

5CVSS6.8AI score0.12758EPSS
Exploits2References2
securityvulns
securityvulns
added 2010/01/12 12:0 a.m.236 views

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...

5CVSS8.2AI score0.27008EPSS
Exploits18
Rows per page
Query Builder