Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2021/11/30 2:28 p.m.2 views

tomcat: JNDI realm authentication weakness

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

6.5CVSS7.2AI score0.09886EPSS
Exploits0References4
OSV
OSV
added 2017/08/11 6:19 a.m.5 views

USN-3388-1 subversion vulnerabilities

Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. CVE-2017-9800 Daniel Shahaf and James McCoy...

9.8CVSS7AI score0.18892EPSS
Exploits3References4
OSV
OSV
added 2015/05/25 12:0 a.m.2 views

UBUNTU-CVE-2015-2694

The kdcpreauth modules in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing 1 zero bytes of data or 2 an arbitrary realm name,...

5.8CVSS7.2AI score0.02838EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2012/01/19 5:21 p.m.5 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

5CVSS6.1AI score0.0854EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/12/20 5:16 p.m.5 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

4.3CVSS6.1AI score0.06631EPSS
Exploits0References4
Rows per page
Query Builder