67 matches found
Tomcat information disclosure vulnerability
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the...
CVE-2008-0002
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the...
Design/Logic Flaw
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the...
CVE-2008-0002
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the...
CVE-2008-0002
CVE-2008-0002 affects Apache Tomcat 6.0.0–6.0.15 and relates to parameter processing during an exception. The issue may disclose sensitive information when parameters are processed in the context of the wrong request, demonstrated by disconnecting during processing to trigger the exception. This ...
CVE-2008-0002: Tomcat information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-0002: Tomcat information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.5 to 6.0.15 Description: If an exception occurs during the processing of parameters eg if the client...
Chetcpasswd本地权限提升漏洞
Chetcpasswd是一个允许用户通过Web更改自己Squid及Web访问口令的工具。 Chetcpasswd在处理参数时存在漏洞,本地攻击者可能利用此漏洞提升自己权限。 如果配置为使用postchange和alertemail的话,或在更改口令后将新的passwd文件拷贝到旧的passwd文件,chetcpasswd就可能不安全地执行外部程序,允许本地攻击者获得root用户权限。但要利用这个漏洞要求攻击者在服务器上拥有有效的shell帐号且知道允许使用chetcpasswd的IP地址。 CHETCPASSWD CHETCPASSWD 2.4.1...