266 matches found
tomcat: system property disclosure
It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server security and enhancement update
An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
Debian DLA-779-1 : tomcat7 security update
A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information...
[SECURITY] [DLA 779-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u9 CVE ID : CVE-2016-8745 Debian Bug : 849949 A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processo...
Privilege Escalation
geode-core is vulnerable to privilege escalation. A malicious user can write a simple function to change the securityManager's settings to gain privileges to execute arbitrary code...
Debian DLA-728-1 : tomcat6 security update
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
[SECURITY] [DLA 729-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u7 CVE ID : CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 Debian Bug : 841655 842662 842663 842664 842665 842666 845385 Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP...
DLA-729-1 tomcat7 - security update
Bulletin has no description...
Debian DSA-3720-1 : tomcat8 - security update
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
Debian DSA-3721-1 : tomcat7 - security update
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
[SECURITY] [DSA 3721-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3721-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3721-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3721-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3720-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3720-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3720-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3720-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3720-1 (tomcat8 - security update)
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
Debian Security Advisory DSA 3721-1 (tomcat7 - security update)
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
DSA-3720-1 tomcat8 - security update
Bulletin has no description...
DSA-3721-1 tomcat7 - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3720-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-3721-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...