Lucene search
K

167 matches found

Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.18 views

Apache Tomcat 8.5.x < 8.5.28 Security Constraint Weakness

The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.28. It is, therefore, affected by security constraints flaws which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...

6.5CVSS7.4AI score0.17378EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.24 views

Apache Tomcat 9.0.0.M1 < 9.0.5 Security Constraint Weakness

The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.5. It is, therefore, affected by security constraints flaws which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...

6.5CVSS7.4AI score0.17378EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2018/10/17 8:1 p.m.45 views

Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS1.6AI score0.02857EPSS
Exploits0References14Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/17 4:31 p.m.48 views

Apache Tomcat unauthorized access vulnerability

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7AI score0.17378EPSS
Exploits0References63Affected Software1
Packet Storm
Packet Storm
added 2018/09/14 12:0 a.m.56 views

Apache Portals Pluto 3.0.0 Remote Code Execution

Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...

5CVSS7.5AI score0.43895EPSS
Exploits5
OpenVAS
OpenVAS
added 2018/06/05 12:0 a.m.66 views

Ubuntu: Security Advisory (USN-3665-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.5AI score0.99988EPSS
Exploits29References4
OSV
OSV
added 2018/05/30 5:47 p.m.4 views

USN-3665-1 tomcat7, tomcat8 vulnerabilities

It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-12616,...

9.8CVSS7.2AI score0.99988EPSS
Exploits29References7
RedHat Linux
RedHat Linux
added 2018/05/14 8:51 p.m.7 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2018/05/14 8:36 p.m.5 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2018/05/03 5:6 p.m.3 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2018/03/16 8:29 p.m.38 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS6.8AI score0.02857EPSS
Exploits0References2
Prion
Prion
added 2018/03/16 8:29 p.m.26 views

Security feature bypass

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5CVSS5.3AI score0.02857EPSS
Exploits0References6Affected Software5
OSV
OSV
added 2018/03/16 8:29 p.m.27 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS5.5AI score0.02857EPSS
Exploits0References6
NVD
NVD
added 2018/03/16 8:29 p.m.22 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3CVSS6.2AI score0.02857EPSS
Exploits0References6
Cvelist
Cvelist
added 2018/03/16 8:0 p.m.37 views

CVE-2018-1199

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.4AI score0.02857EPSS
Exploits0References6
CVE
CVE
added 2018/03/16 8:0 p.m.151 views

CVE-2018-1199

CVE-2018-1199 affects Spring Security (4.1.x before 4.1.5, 4.2.x before 4.2.4, 5.0.x before 5.0.1) and Spring Framework (4.3.x before 4.3.14, 5.0.x before 5.0.3). The issue is that URL path parameters are not consistently handled when evaluating security constraints, allowing an attacker to bypas...

5.3CVSS5.3AI score0.02857EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2018/03/07 3:21 p.m.4 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
OSV
OSV
added 2018/02/28 8:29 p.m.37 views

CVE-2018-1304

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS6.6AI score
Exploits0References40
NVD
NVD
added 2018/02/28 8:29 p.m.26 views

CVE-2018-1304

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7AI score0.17378EPSS
Exploits0References40
Debian CVE
Debian CVE
added 2018/02/28 8:0 p.m.54 views

CVE-2018-1304

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.5AI score0.17378EPSS
Exploits0
Rows per page
Query Builder