RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Session fixation when using FORM authentication CVE-2019-17563 - tomcat: JsonErrorReportValve...

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Fix for CVE-2023-24998 was incomplete CVE-2023-28709 Note that Nessus has not tested for this issue but has...

SUSE CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

tomcat: XSS in SSI printenv

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

tomcat: XSS in SSI printenv

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

Ubuntu 18.04 LTS : Tomcat vulnerabilities (USN-4128-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4128-2 advisory. It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to...

[SECURITY] [DLA 1883-1] tomcat8 security update

Package : tomcat8 Version : 8.0.14-1+deb8u15 CVE ID : CVE-2016-5388 CVE-2018-8014 CVE-2019-0221 Debian Bug : 929895 898935 Several minor issues have been fixed in tomcat8, a Java Servlet and JSP engine. CVE-2016-5388 Apache Tomcat, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18...

Security update for tomcat (moderate)

openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2019:1673-1 Rating: moderate References: 1111966 1131055 1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has one errata is no...

GHSA-JJPQ-GP5Q-8Q6W Cross-site scripting in Apache Tomcat

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

Cross-site scripting in Apache Tomcat

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

EUVD-2019-0473

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

CVE-2019-0221

CVE-2019-0221 affects Apache Tomcat across multiple major lines (Tomcat 9.0.0.M1–9.0.0.17, 8.5.0–8.5.39, 7.0.0–7.0.93). The underlying issue is that the SSI printenv command echoes user-provided data without escaping, enabling cross-site scripting (XSS). SSI is disabled by default and intended fo...

CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

Apache Tomcat 8.5.0 < 8.5.40 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.40security-8 advisory. - When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1...

KLA11472 ACE vulnerability in Apache Tomcat

Multiple vulnerabilities was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code and perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. A vulnerability in CGI Servlet component can be exploited via due to a bug in the...

PT-2019-4683 · Apache +3 · Apache Tomcat +3

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.93 Apache Tomcat versions 8.5.0 through 8.5.39 Apache Tomcat versions 9.0.0.M1 through 9.0.0.17 Description: The issue is related to the SSI printenv command in Apache Tomcat, which echoes user-provide...