54 matches found
[SECURITY] [DSA 3755-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3755-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3754-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3754-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3754-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fixed in Apache Tomcat 6.0.50
Note: The issue below was fixed in Apache Tomcat 6.0.49 but the release vote for the 6.0.49 release candidate did not pass. Therefore, although users must download 6.0.50 to obtain a version that includes the fix for this issue, version 6.0.49 is not included in the list of affected versions...
Information Disclosure
Apache Tomcat is vulnerable to Information Disclosure. This is caused by the error handling of the send file processing code for the NIO HTTP connector causing information leakage between requests and the response body which allows an attacker to gain access to sensitive information...
CVE-2016-8745
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...
Fixed in Apache Tomcat 9.0.0.M15
Note: The issue below was fixed in Apache Tomcat 9.0.0.M14 but the release vote for the 9.0.0.M14 release candidate did not pass. Therefore, although users must download 9.0.0.M15 to obtain a version that includes the fix for this issue, version 9.0.0.M14 is not included in the list of affected...
Fixed in Apache Tomcat 8.5.9
Important: Information Disclosure CVE-2016-8745 A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests...
Apache Tomcat 7.0.0 < 7.0.8
The version of Tomcat installed on the remote host is prior to 7.0.8. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.8security-7 advisory. - Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for...
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...
Design/Logic Flaw
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...
CVE-2011-0534
CVE-2011-0534 affects Apache Tomcat 7.0.0–7.0.6 and 6.0.0–6.0.30. The issue arises because maxHttpHeaderSize is not enforced for NIO HTTP connector requests, enabling remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. Affected products are Tomcat 7/6 family as...
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...
[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-0534 Apache Tomcat DoS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.6 - - Tomcat 6.0.0 to 6.0.30 Description: Tomcat did not enforce the maxHttpHeaderSize limit while...