Lucene search
K

168 matches found

OpenVAS
OpenVAS
added 2016/02/25 12:0 a.m.56 views

Apache Tomcat Directory Disclosure Vulnerability (Feb 2016) - Linux

Apache Tomcat is prone to a directory disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

5.3CVSS7AI score0.1838EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2016/02/25 12:0 a.m.59 views

Apache Tomcat Directory Disclosure Vulnerability (Feb 2016) - Windows

Apache Tomcat is prone to a directory disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

5.3CVSS7AI score0.1838EPSS
Exploits0References6
Apache Tomcat
Apache Tomcat
added 2016/02/11 12:0 a.m.73 views

Fixed in Apache Tomcat 6.0.45

Low: Limited directory traversal CVE-2015-5174 This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource getResourceAsStream and getResourcePaths the paths should be limited to the current web...

8.8CVSS7.5AI score0.1838EPSS
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/04 6:12 a.m.15 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...

6.1CVSS5.7AI score0.05618EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2013/09/27 12:0 a.m.180 views

Apache Struts 2 'action:' Parameter Prefix Security Constraint Bypass

The remote web application appears to use Struts 2, a web framework used for creating Java web applications. The version of Struts 2 in use is affected by a security constraint bypass vulnerability due to a flaw in the action mapping mechanism. Under certain unspecified conditions, an attacker...

10CVSS5.8AI score0.08333EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/01/15 6:54 p.m.43 views

Important: Red Hat Security Advisory: jbossweb security update

An update for JBoss Enterprise Application Platform 6.0.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

4.3CVSS6.8AI score0.11975EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2013/01/15 12:0 a.m.44 views

Ubuntu Update for tomcat7 USN-1685-1

Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

4.3CVSS6.7AI score0.11975EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2013/01/15 12:0 a.m.38 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...

4.3CVSS6.9AI score0.11975EPSS
Exploits3References4
Ubuntu
Ubuntu
added 2013/01/14 1:50 p.m.92 views

USN-1685-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...

4.3CVSS6.8AI score0.11975EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2013/01/08 8:25 p.m.9 views

Web: Bypass of security constraints

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /jsecuritycheck at the end of a URI...

4.3CVSS6.6AI score0.11975EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/03 10:49 p.m.53 views

Important: Red Hat Security Advisory: tomcat6 security update

Updated tomcat6 packages that fix one security issue are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score,...

4.3CVSS6.8AI score0.11975EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2012/12/19 12:0 a.m.24 views

CVE-2012-3546

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /jsecuritycheck at the end of a URI...

4.3CVSS6.8AI score0.11975EPSS
Exploits1References5
securityvulns
securityvulns
added 2012/12/07 12:0 a.m.119 views

CVE-2012-3546 Apache Tomcat Bypass of security constraints

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.35 Earlier unsupported versions may also be affected Descriptio...

4.3CVSS0.2AI score0.11975EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2012/11/21 12:0 a.m.42 views

Apache Tomcat 7.0.0 < 7.0.30 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.30security-7 advisory. - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in...

5CVSS6.5AI score0.12098EPSS
Exploits5References8
Apache Tomcat
Apache Tomcat
added 2012/09/06 12:0 a.m.57 views

Fixed in Apache Tomcat 7.0.30

Important: Denial of service CVE-2012-3544 When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server. This was...

5CVSS6.8AI score0.11975EPSS
Exploits3Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.22 views

Design/Logic Flaw

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an...

4.3CVSS6.9AI score0.0654EPSS
Exploits1References8Affected Software1
securityvulns
securityvulns
added 2011/05/17 12:0 a.m.86 views

[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1582 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.12-7.0.13 - - Earlier versions are not affected Description: An error in the fixes for...

5.8CVSS0.3AI score0.06453EPSS
Exploits1
Apache Tomcat
Apache Tomcat
added 2011/05/12 12:0 a.m.41 views

Fixed in Apache Tomcat 7.0.14

Important: Security constraint bypass CVE-2011-1582 An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security constraints configured via annotations were ignored on the first request to a Servlet. Subsequent requests were secured correctly. This was fixed in revision 1100832. This...

5.8CVSS4.1AI score0.06156EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2011/04/06 12:0 a.m.45 views

Fixed in Apache Tomcat 7.0.12

Important: Information disclosure CVE-2011-1475 Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of respons...

5.8CVSS5.3AI score0.0869EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2011/03/11 12:0 a.m.51 views

Fixed in Apache Tomcat 7.0.11

Important: Security constraint bypass CVE-2011-1088 When a web application was started, ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. This was partially fixed in Apache Tomcat 7.0.10 and fully fixed in 7.0.11. This...

5.8CVSS4.2AI score0.06453EPSS
Exploits1Affected Software1
Rows per page
Query Builder