8 matches found
USN-6908-1 tomcat vulnerabilities
It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore...
SUSE CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...
The vulnerability of the PersistenceManager component in the Apache Tomcat application server allows a hacker to execute arbitrary code.
The vulnerability of the PersistenceManager component in the Apache Tomcat application server is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created request...
Vulnerability fixed in Apache Tomcat
The developers of Apache Tomcat have fixed a vulnerability fixed that could potentially allow a remote malicious person to execute arbitrary code under the application's permissions. This is possible if: the malicious party has control of a file on the server; PersistenceManager is used in...
GHSA-344F-F5VG-2JFJ Potential remote code execution in Apache Tomcat
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...
SUSE-SU-2020:1363-1 Security update for tomcat
This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.htmlTomcat9.0.35markt CVE-2020-9484 bsc1171928 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the conten...
DEBIAN-CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...
UBUNTU-CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...