11 matches found
Updated tomcat packages fix security vulnerabilities
Directory traversal via rewrite with possible RCE if PUT is enabled. CVE-2025-55752 Console manipulation via escape sequences in log messages. CVE-2025-55754 Delayed cleaning of multi-part upload temporary files may lead to DoS. CVE-2025-61795...
MGASA-2025-0250 Updated tomcat packages fix security vulnerabilities
Directory traversal via rewrite with possible RCE if PUT is enabled. CVE-2025-55752 Console manipulation via escape sequences in log messages. CVE-2025-55754 Delayed cleaning of multi-part upload temporary files may lead to DoS. CVE-2025-61795...
Apache Tomcat 9.0.40 < 9.0.109 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.109. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.109security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat...
CLSA-2025-1758915354 httpd: Fix of 4 CVEs
CVE-2025-49630: fix denial of service attack triggered by untrusted clients causing an assertion in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients in modssl configurations - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack -...
Fixed in Apache Tomcat 9.0.109
Low: Console manipulation via escape sequences in log messages CVE-2025-55754 Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
CLSA-2024-1719919908 sudo: Fix of 2 CVEs
CVE-2023-28486: escape control characters in log messages - CVE-2023-28487: escape control characters in sudoreplay output...
Oracle: Security Advisory (ELSA-2011-0909)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Httpd < 2.0.65 : mod_rewrite log escape filtering
modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Varnish < 2.1.2 Log Escape Sequence Injection Vulnerability
Varnish is prone to a log escape sequence injection vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Varnish Log Escape Sequence Injection Vulnerability
This host is installed with Varnish and is prone to Log Escape Sequence Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbvarnishlogsescapesequenceinjvuln.nasl 5390 2017-02-21 18:39:27Z mime $ Varnish Log Escape Sequence Injection Vulnerability Authors: Antu Sanadi Copyright: Copyright c...
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...