16 matches found

Ubuntu
added 2020/09/30 12:55 p.m., 106 views

USN-4557-1: Tomcat vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain...

CVSS 9.8, AI score 7.1, EPSS 0.90338
Exploits: 12
Veracode
added 2020/04/10 12:53 a.m., 22 views

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists as it was found that JNLPSecurityManager could silently return without throwing an exception when permission was denied. If the javaws command was used to launch a Java Web Start application that relies on this exception being...

CVSS 6.8, AI score 3.5, EPSS 0.02533
Exploits: 0, References: 26, Affected Software: 1
Veracode
added 2017/04/07 3:32 a.m., 38 views

XML External Entity (XXE)

Glassfish web-core is vulnerable to XML External Entity (XXE) attacks. These allow remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference. This is relate...

AI score 7.8, EPSS 0.06905
Exploits: 0
Tenable Nessus
added 2017/02/28 12:0 a.m., 69 views

F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K30971148)

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web...

CVSS 4.3, AI score 6.6, EPSS 0.12555
Exploits: 0, References: 2
OpenVAS
added 2017/02/03 12:0 a.m., 51 views

Ubuntu: Security Advisory (USN-3177-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 7, EPSS 0.90338
Exploits: 12, References: 5
Amazon
added 2016/03/10 12:0 a.m., 55 views

Medium: tomcat8

Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource,...

CVSS 5.3, AI score 7.3, EPSS 0.1838
Exploits: 0
OpenVAS
added 2014/11/28 12:0 a.m., 48 views

Apache Tomcat Multiple Vulnerabilities (Nov 2014)

Apache Tomcat is prone to multiple vulnerabilities. Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5, AI score 8.4, EPSS 0.2006
Exploits: 1, References: 4
Tenable Nessus
added 2014/11/08 12:0 a.m., 37 views

RHEL 5 / 6 : tomcat5 (RHSA-2012:0680)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0680 advisory. - tomcat: Multiple weaknesses in HTTP DIGEST authentication (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) - tomcat: passwor...

CVSS 7.5, AI score 5.8, EPSS 0.80318
Exploits: 8, References: 21
NVD
added 2014/09/30 2:55 p.m., 32 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5, AI score 6.4, EPSS 0.02913
Exploits: 0, References: 8
Tenable Nessus
added 2014/07/31 12:0 a.m., 47 views

Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2302-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2302-1 advisory. David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw t...

CVSS 5, AI score 7, EPSS 0.2006
Exploits: 1, References: 4
Tenable Nessus
added 2014/07/24 12:0 a.m., 43 views

FreeBSD : tomcat -- multiple vulnerabilities (81fc1076-1286-11e4-bebd-000c2980a9f3)

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

CVSS 5, AI score 6.5, EPSS 0.2006
Exploits: 1, References: 7
Prion
added 2014/05/31 11:17 a.m., 28 views

Xxe

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a...

CVSS 4.3, AI score 7, EPSS 0.06905
Exploits: 0, References: 48, Affected Software: 1
Tenable Nessus
added 2014/05/30 12:0 a.m., 49 views

Apache Tomcat 8.0.0-RC1 < 8.0.5 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.0.5_security-8 advisory. - Integer overflow in the parseChunkHeader function in...

CVSS 5, AI score 6.8, EPSS 0.2006
Exploits: 1, References: 11
FreeBSD
added 2014/05/23 12:0 a.m., 39 views

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

AI score 8.3
Exploits: 0, References: 3
RedHat Linux
added 2012/01/31 10:55 p.m., 58 views

Important: Red Hat Security Advisory: jbossweb security update

An update for JBoss Enterprise Application Platform 5.1.2 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...

CVSS 5, AI score 6.1, EPSS 0.80318
Exploits: 8, References: 7
RedHat Linux
added 2011/12/05 5:39 p.m., 47 views

Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update

Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 7.5, AI score 6.4, EPSS 0.15226
Exploits: 2, References: 7