24 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-4905

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00339
Exploits: 0 | References: 56
Tenable Nessus
added 2024/05/23 12:0 a.m. | 21 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.0.m10security-9 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

CVSS 9.1 | AI score 6.4 | EPSS 0.00936
Exploits: 5 | References: 13
Tenable Nessus
added 2024/05/23 12:0 a.m. | 47 views

Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.5and8.0.37security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...

CVSS 9.1 | AI score 6.4 | EPSS 0.00936
Exploits: 5 | References: 20
Tenable Nessus
added 2024/05/23 12:0 a.m. | 36 views

Apache Tomcat 7.0.0 < 7.0.72 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.72. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.72security-7 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC...

CVSS 9.1 | AI score 6.4 | EPSS 0.00936
Exploits: 5 | References: 13
F5 Networks
added 2023/02/21 6:47 p.m. | 52 views

K36302720: Apache Tomcat vulnerability CVE-2016-6797

Security Advisory Description The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web...

CVSS 7.5 | AI score 6.5 | EPSS 0.00339
Exploits: 0 | Affected Software: 21
Github Security Blog
added 2022/05/13 1:2 a.m. | 32 views

Incorrect Authorization in Apache Tomcat

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

CVSS 7.5 | AI score 1.8 | EPSS 0.00339
Exploits: 0 | References: 46 | Affected Software: 1
IBM Security Bulletins
added 2018/06/17 5:20 a.m. | 33 views

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight

Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive...

CVSS 9.1 | AI score 0.4 | EPSS 0.00936
Exploits: 5 | Affected Software: 1
Prion
added 2017/08/10 10:29 p.m. | 19 views

Information disclosure

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

CVSS 5 | AI score 9.2 | EPSS 0.00339
Exploits: 0 | References: 25 | Affected Software: 11
NVD
added 2017/08/10 10:29 p.m. | 19 views

CVE-2016-6797

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

CVSS 7.5 | AI score 8.4 | EPSS 0.00339
Exploits: 0 | References: 25
OSV
added 2017/08/10 10:29 p.m. | 27 views

CVE-2016-6797

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 25
Cvelist
added 2017/08/10 10:0 p.m. | 27 views

CVE-2016-6797

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

AI score 8.5 | EPSS 0.00339
Exploits: 0 | References: 25
Debian CVE
added 2017/08/10 10:0 p.m. | 47 views

CVE-2016-6797

Removed by vendor...

CVSS 7.5 | AI score 6.6 | EPSS 0.00339
Exploits: 0
CVE
added 2017/08/10 10:0 p.m. | 207 views

CVE-2016-6797

CVE-2016-6797 stems from Apache Tomcat’s ResourceLinkFactory not restricting web app access to global JNDI resources, allowing a web application to access any global JNDI resource regardless of explicit ResourceLink. Affects Tomcat 6.x/7.x/8.x/9.x releases listed in the entry (various 6.0–9.0 lin...

CVSS 7.5 | AI score 8.4 | EPSS 0.00339
Exploits: 0 | References: 25 | Affected Software: 1
Veracode
added 2017/04/05 3:21 a.m. | 25 views

Security Manager Bypass

web-naming is vulnerable to denial of service via security manager bypass. The ResourceLinkFactory.setGlobalContext method was accessible under a security manager without any checks. This allowed a malicious web application to inject a global context that could be used to disrupt other web...

CVSS 6.8 | AI score 7.1 | EPSS 0.0039
Exploits: 0 | References: 6 | Affected Software: 1
Debian
added 2016/12/17 10:8 p.m. | 45 views

[SECURITY] [DLA 746-2] tomcat6 regression update

Package : tomcat6 Version : 6.0.45+dfsg-1deb7u5 Debian Bug : 848492 The last security update introduced a regression due to the use of StringManager in the ResourceLinkFactory class. The code was removed again since it is not strictly required to resolve CVE-2016-6797. For Debian 7 "Wheezy", thes...

CVSS 7.5 | AI score 9.1 | EPSS 0.00339
Exploits: 0
Tenable Nessus
added 2016/11/11 12:0 a.m. | 54 views

Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-764)

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. CVE-2016-6325 A...

CVSS 9.1 | AI score 6.3 | EPSS 0.00936
Exploits: 5 | References: 7
UbuntuCve
added 2016/10/28 12:0 a.m. | 34 views

CVE-2016-6797

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

CVSS 7.5 | AI score 6.7 | EPSS 0.00339
Exploits: 0 | References: 4
Apache Tomcat
added 2016/09/05 12:0 a.m. | 74 views

Fixed in Apache Tomcat 8.5.5 and 8.0.37

Low: Unrestricted Access to Global Resources CVE-2016-6797 The ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether...

CVSS 9.1 | AI score 7.5 | EPSS 0.00936
Exploits: 5 | Affected Software: 1
Tenable Nessus
added 2016/05/24 12:0 a.m. | 37 views

Apache Tomcat 7.0.x < 7.0.68 / 8.0.x < 8.0.32 Multiple Vulnerabilities

Binary data 9313.prm...

CVSS 8.8 | AI score 7.8 | EPSS 0.05995
Exploits: 0 | References: 8
Tenable Nessus
added 2016/04/01 12:0 a.m. | 40 views

Amazon Linux AMI : tomcat7 (ALAS-2016-680)

ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web...

CVSS 8.8 | AI score 7.1 | EPSS 0.4988
Exploits: 0 | References: 6