168 matches found
[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original report is 1. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale or javax.servlet.ServletRequest.getLocales. Work-arounds have been implemented in the...
JBOSS remote code execution vulnerability-vulnerability warning-the black bar safety net
Author: safe3 JBOSS default configuration will have a background of vulnerability, the vulnerability occurs inthe jboss. deployment namespace AddURLfunction,the function can be remote download a war archive and extract Visit http://www. safe3. com. cn:8 0 8 0/jmx-console/ background, as in the...
Design/Logic Flaw
The Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.37 does not properly implement security constraints on the 1 doGet and 2 doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via...
CVE-2009-3106
The Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.37 does not properly implement security constraints on the 1 doGet and 2 doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via...
[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and...
Fixed in Apache Tomcat 5.5.27
Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2370: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and...
CVE-2002-2141
BeA WebLogic Server and Express 7.0/7.0.0.1 running Servlets and EJB on multiple servers are vulnerable to a flaw that, when an application is undeployed on one server, causes removal of security constraints and roles on all servers for affected Servlets or EJBs. This could enable unauthorized ac...