PT-2025-5605 · Org.Gaul · S3Proxy
Name of the Vulnerable Software and Affected Versions: org.gaul S3Proxy versions prior to 2.6.0 Description: The issue affects users of the filesystem and filesystem-nio2 storage backends, potentially exposing local files to authenticated clients. This could lead to unauthorized access to sensiti...
Apache Tomcat 9.0.0.M1 < 9.0.10 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.10security-9 advisory. - The host name verification when using TLS with the WebSocket client was missing. It is now enabled by...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2816)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-2816)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was...
openSUSE 15 Security Update : tomcat (openSUSE-SU-2021:3672-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3672-1 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to...
Important: tomcat8
Issue Overview: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly...
Updated tomcat packages fix security vulnerability
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. CVE-2021-30640 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not...
Apache Tomcat DoS Vulnerability (Sep 2021) - Linux
Apache Tomcat is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2021-41079
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...
CVE-2021-41079
CVE-2021-41079 affects Apache Tomcat when TLS is configured with NIO/NIO2 and OpenSSL. Multiple sources confirm: Tomcat versions 8.5.0–8.5.63, 9.0.0-M1–9.0.43, and 10.0.0-M1–10.0.2 fail to properly validate incoming TLS packets, allowing a specially crafted TLS packet to trigger an infinite loop ...
Fixed in Apache Tomcat 10.0.4
Note: The issue below was fixed in Apache Tomcat 10.0.3 but the release vote for the 10.0.3 release candidate did not pass. Therefore, although users must download 10.0.4 to obtain a version that includes a fix for these issues, version 10.0.3 is not included in the list of affected versions...
Fixed in Apache Tomcat 8.5.64
Important: Denial of Service CVE-2021-41079 When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. This was fixed with commit b90d4fc1. This issue was first reported to the Apach...
Fixed in Apache Tomcat 9.0.44
Important: Denial of Service CVE-2021-41079 When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. This was fixed with commit d4b340fa. This issue was first reported to the Apach...
CVE-2021-21294
Http4s http4s-blaze-server is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its...
CentOS 8 : pki-deps:10.6 (CESA-2019:1529)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1529 advisory. - tomcat: Open redirect in default servlet CVE-2018-11784 - tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins...
RHEL 8 : pki-deps:10.6 (RHSA-2019:1529)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1529 advisory. The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat...
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RLSA-2019:1529 Important: pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up...
Important: pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up CVE-2018-8037 tomcat: Insecure...
pki-deps:10.6 security update
An update is available for glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, xmlstreambuffer, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist, python-nss, bea-stax, velocity, xml-commons-apis, resteasy, xsom, slf4j, stax-ex, xerces-j2,...