Lucene search
K

4 matches found

0day.today
0day.today
added 2019/07/02 12:0 a.m.1366 views

Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and gain remote code execution. This module requires Metasploit: https://metasploit.com/downloa...

9.3CVSS0.6AI score0.99652EPSS
Exploits9
Apache Tomcat
Apache Tomcat
added 2019/04/13 12:0 a.m.289 views

Fixed in Apache Tomcat 9.0.19

Note: The issues below were fixed in Apache Tomcat 9.0.18 but the release vote for the 9.0.18 release candidate did not pass. Therefore, although users must download 9.0.19 to obtain a version that includes a fix for these issues, version 9.0.18 is not included in the list of affected versions...

9.3CVSS7.4AI score0.99652EPSS
Exploits12Affected Software1
Apache Tomcat
Apache Tomcat
added 2019/04/12 12:0 a.m.429 views

Fixed in Apache Tomcat 8.5.40

Important: Remote Code Execution on Windows CVE-2019-0232 When running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. For a...

9.3CVSS7.3AI score0.99652EPSS
Exploits12Affected Software1
ThreatPost
ThreatPost
added 2018/08/30 5:44 p.m.35 views

Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors

An “API-breaking” vulnerability has been uncovered that potentially exposes Android device systems data to rogue apps — information that could be very useful to bad actors. Researchers from Nightwatch Cybersecurity System said that certain all-points-bulletins sent out by the Android OS expose...

5CVSS7AI score0.00987EPSS
Exploits5References6
Rows per page
Query Builder