Lucene search
+L

168 matches found

securityvulns
securityvulns
added 2011/02/08 12:0 a.m.88 views

[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original report is 1. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale or javax.servlet.ServletRequest.getLocales. Work-arounds have been implemented in the...

0.3AI score
Exploits0
myhack58
myhack58
added 2010/01/10 12:0 a.m.17 views

JBOSS remote code execution vulnerability-vulnerability warning-the black bar safety net

Author: safe3 JBOSS default configuration will have a background of vulnerability, the vulnerability occurs inthe jboss. deployment namespace AddURLfunction,the function can be remote download a war archive and extract Visit http://www. safe3. com. cn:8 0 8 0/jmx-console/ background, as in the...

1.7AI score
Exploits0
Prion
Prion
added 2009/09/08 10:30 p.m.15 views

Design/Logic Flaw

The Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.37 does not properly implement security constraints on the 1 doGet and 2 doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via...

5CVSS6.5AI score0.02775EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2009/09/08 10:0 p.m.22 views

CVE-2009-3106

The Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.37 does not properly implement security constraints on the 1 doGet and 2 doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via...

6.1AI score0.02775EPSS
Exploits0References3
securityvulns
securityvulns
added 2009/06/09 12:0 a.m.111 views

[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and...

5CVSS4.7AI score0.18685EPSS
Exploits1
Apache Tomcat
Apache Tomcat
added 2008/09/08 12:0 a.m.68 views

Fixed in Apache Tomcat 5.5.27

Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...

5CVSS7.5AI score0.75865EPSS
Exploits5Affected Software1
securityvulns
securityvulns
added 2008/08/01 12:0 a.m.100 views

[CVE-2008-2370] Apache Tomcat information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2370: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and...

5CVSS7.1AI score0.52716EPSS
Exploits1
CVE
CVE
added 2005/11/16 9:17 p.m.48 views

CVE-2002-2141

BeA WebLogic Server and Express 7.0/7.0.0.1 running Servlets and EJB on multiple servers are vulnerable to a flaw that, when an application is undeployed on one server, causes removal of security constraints and roles on all servers for affected Servlets or EJBs. This could enable unauthorized ac...

7.5CVSS7.2AI score0.02363EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder