Lucene search
K

54 matches found

Debian
Debian
added 2017/01/08 6:27 a.m.45 views

[SECURITY] [DSA 3755-1] tomcat8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3755-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2017 https://www.debian.org/security/faq -...

7.5CVSS7.7AI score0.16038EPSS
Exploits0
Debian
Debian
added 2017/01/08 6:26 a.m.40 views

[SECURITY] [DSA 3754-1] tomcat7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3754-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2017 https://www.debian.org/security/faq -...

7.5CVSS7.7AI score0.16038EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/01/07 12:0 a.m.33 views

Debian: Security Advisory (DSA-3754-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.16038EPSS
Exploits0References3
Apache Tomcat
Apache Tomcat
added 2017/01/05 12:0 a.m.54 views

Fixed in Apache Tomcat 6.0.50

Note: The issue below was fixed in Apache Tomcat 6.0.49 but the release vote for the 6.0.49 release candidate did not pass. Therefore, although users must download 6.0.50 to obtain a version that includes the fix for this issue, version 6.0.49 is not included in the list of affected versions...

7.5CVSS7.6AI score0.16038EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2016/12/13 4:53 a.m.29 views

Information Disclosure

Apache Tomcat is vulnerable to Information Disclosure. This is caused by the error handling of the send file processing code for the NIO HTTP connector causing information leakage between requests and the response body which allows an attacker to gain access to sensitive information...

7.5CVSS7.7AI score0.16038EPSS
Exploits0References4Affected Software13
RedhatCVE
RedhatCVE
added 2016/12/12 12:48 p.m.37 views

CVE-2016-8745

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

7.5CVSS7.6AI score0.16038EPSS
Exploits0References2
Apache Tomcat
Apache Tomcat
added 2016/12/08 12:0 a.m.69 views

Fixed in Apache Tomcat 9.0.0.M15

Note: The issue below was fixed in Apache Tomcat 9.0.0.M14 but the release vote for the 9.0.0.M14 release candidate did not pass. Therefore, although users must download 9.0.0.M15 to obtain a version that includes the fix for this issue, version 9.0.0.M14 is not included in the list of affected...

7.5CVSS7.6AI score0.16038EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2016/12/08 12:0 a.m.60 views

Fixed in Apache Tomcat 8.5.9

Important: Information Disclosure CVE-2016-8745 A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests...

7.5CVSS7.6AI score0.16038EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/02/15 12:0 a.m.47 views

Apache Tomcat 7.0.0 < 7.0.8

The version of Tomcat installed on the remote host is prior to 7.0.8. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.8security-7 advisory. - Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for...

5CVSS5.6AI score0.07885EPSS
Exploits0References3
NVD
NVD
added 2011/02/10 6:0 p.m.16 views

CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

5CVSS4.3AI score0.07885EPSS
Exploits0References18
Prion
Prion
added 2011/02/10 6:0 p.m.23 views

Design/Logic Flaw

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

5CVSS6.9AI score0.07885EPSS
Exploits0References18Affected Software1
CVE
CVE
added 2011/02/10 5:0 p.m.107 views

CVE-2011-0534

CVE-2011-0534 affects Apache Tomcat 7.0.0–7.0.6 and 6.0.0–6.0.30. The issue arises because maxHttpHeaderSize is not enforced for NIO HTTP connector requests, enabling remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. Affected products are Tomcat 7/6 family as...

5CVSS5.7AI score0.07885EPSS
Exploits0References18Affected Software1
Cvelist
Cvelist
added 2011/02/10 5:0 p.m.26 views

CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

4.4AI score0.07885EPSS
Exploits0References18
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.125 views

[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-0534 Apache Tomcat DoS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.6 - - Tomcat 6.0.0 to 6.0.30 Description: Tomcat did not enforce the maxHttpHeaderSize limit while...

5CVSS0.2AI score0.07885EPSS
Exploits0
Rows per page
Query Builder