266 matches found

RedHat Linux
added 2017/03/07 7:6 p.m. | 7 views

tomcat: system property disclosure

It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible...

CVSS 5.3 | AI score 7.3 | EPSS 0.07152
Exploits: 0 | References: 7

RedHat Linux
added 2017/03/07 7:5 p.m. | 88 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server security and enhancement update

An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

CVSS 9.8 | AI score 7.3 | EPSS 0.90338
Exploits: 20 | References: 16

Tenable Nessus
added 2017/01/11 12:0 a.m. | 54 views

Debian DLA-779-1 : tomcat7 security update

A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information...

CVSS 7.5 | AI score 7.3 | EPSS 0.39633
Exploits: 6 | References: 3

Debian
added 2017/01/10 11:37 p.m. | 83 views

[SECURITY] [DLA 779-1] tomcat7 security update

Package: tomcat7; Version: 7.0.28-4+deb7u9; CVE ID: CVE-2016-8745; Debian Bug: 849949. A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processo...

CVSS 7.5 | AI score 8.2 | EPSS 0.39633
Exploits: 6

Veracode
added 2016/12/05 8:24 a.m. | 5 views

Privilege Escalation

geode-core is vulnerable to privilege escalation. A malicious user can write a simple function to change the securityManager's settings to gain privileges to execute arbitrary code...

AI score 7.7
Exploits: 0

Tenable Nessus
added 2016/12/02 12:0 a.m. | 59 views

Debian DLA-728-1 : tomcat6 security update

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 9.8 | AI score 6.6 | EPSS 0.90338
Exploits: 12 | References: 9

Debian
added 2016/12/01 10:56 p.m. | 68 views

[SECURITY] [DLA 729-1] tomcat7 security update

Package: tomcat7; Version: 7.0.28-4+deb7u7; CVE ID: CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735; Debian Bug: 841655 842662 842663 842664 842665 842666 845385. Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP...

CVSS 9.8 | AI score 9.4 | EPSS 0.90338
Exploits: 12

OSV
added 2016/12/01 12:0 a.m. | 42 views

DLA-729-1 tomcat7 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.7 | EPSS 0.90338
Exploits: 12

Tenable Nessus
added 2016/11/22 12:0 a.m. | 53 views

Debian DSA-3720-1 : tomcat8 - security update

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 9.1 | AI score 6.4 | EPSS 0.10303
Exploits: 5 | References: 8

Tenable Nessus
added 2016/11/22 12:0 a.m. | 46 views

Debian DSA-3721-1 : tomcat7 - security update

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 9.1 | AI score 6.4 | EPSS 0.10303
Exploits: 5 | References: 13

Debian
added 2016/11/21 6:49 p.m. | 52 views

[SECURITY] [DSA 3721-1] tomcat7 security update

Debian Security Advisory DSA-3721-1 https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...

CVSS 9.1 | AI score 8.9 | EPSS 0.10303
Exploits: 5

Debian
added 2016/11/21 6:49 p.m. | 39 views

[SECURITY] [DSA 3721-1] tomcat7 security update

Debian Security Advisory DSA-3721-1 https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...

CVSS 5 | AI score 1.4 | EPSS 0.10303
Exploits: 5

Debian
added 2016/11/21 6:49 p.m. | 45 views

[SECURITY] [DSA 3720-1] tomcat8 security update

Debian Security Advisory DSA-3720-1 https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...

CVSS 9.1 | AI score 9.1 | EPSS 0.10303
Exploits: 5

Debian
added 2016/11/21 6:49 p.m. | 51 views

[SECURITY] [DSA 3720-1] tomcat8 security update

Debian Security Advisory DSA-3720-1 https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...

CVSS 5 | AI score 1.4 | EPSS 0.10303
Exploits: 5

OpenVAS
added 2016/11/21 12:0 a.m. | 47 views

Debian Security Advisory DSA 3720-1 (tomcat8 - security update)

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 5 | AI score 0.1 | EPSS 0.10303
Exploits: 5 | References: 1

OpenVAS
added 2016/11/21 12:0 a.m. | 48 views

Debian Security Advisory DSA 3721-1 (tomcat7 - security update)

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 5 | AI score 0.1 | EPSS 0.10303
Exploits: 5 | References: 1

OSV
added 2016/11/21 12:0 a.m. | 57 views

DSA-3720-1 tomcat8 - security update

Bulletin has no description...

CVSS 9.1 | AI score 7.5 | EPSS 0.10303
Exploits: 5

OSV
added 2016/11/21 12:0 a.m. | 53 views

DSA-3721-1 tomcat7 - security update

Bulletin has no description...

CVSS 9.1 | AI score 7.5 | EPSS 0.10303
Exploits: 5

OpenVAS
added 2016/11/20 12:0 a.m. | 48 views

Debian: Security Advisory (DSA-3720-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 7.9 | EPSS 0.10303
Exploits: 5 | References: 3

OpenVAS
added 2016/11/20 12:0 a.m. | 33 views

Debian: Security Advisory (DSA-3721-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 7.9 | EPSS 0.10303
Exploits: 5 | References: 3