11 matches found
CVE-2025-25590
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml...
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...
Amazon Linux AMI : tomcat7 (ALAS-2016-680)
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web...
Amazon Linux AMI : tomcat6 (ALAS-2016-681)
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or...
Medium: tomcat7
Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...
SUSE-SU-2016:0822-1 Security update for tomcat
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent...
Medium: tomcat8
Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource,...
CVE-2015-5345
CVE-2015-5345 affects the Tomcat Mapper component: redirects are processed before security constraints/Filters, enabling a remote attacker to determine the existence of a directory via a URL that lacks a trailing slash. Affected upstream versions are Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8...
CVE-2015-5345
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...
CVE-2015-5345
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...
HP Systems Insight Manager < 2.5.2.0 WMI Mapper Component Multiple Flaws
The remote host is running HP Systems Insight Manager (SIM) for Windows. The installed version is older than version 2.5.2.0, and has a vulnerable version of WMI Mapper component installed. By exploiting unspecified vulnerabilities in the WMI Mapper component, it may be possible for a remote or a...