178 matches found
DSA-2160-1 tomcat6 - several
Bulletin has no description...
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
Binary data 800609.prm...
Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities
Binary data 5786.pasl...
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
Binary data 5789.pasl...
Apache Tomcat 7.0.0 < 7.0.4
The version of Tomcat installed on the remote host is prior to 7.0.4. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.4security-7 advisory. - Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
Directory traversal
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
CVE-2010-3718
CVE-2010-3718 affects Apache Tomcat 7.0.0–7.0.3, 6.0.x, and 5.5.x when running under a SecurityManager. The vulnerability is that ServletContext attributes are not made read-only, allowing local web applications to read or write files outside the intended working directory via a directory travers...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
USN-1055-1: OpenJDK vulnerabilities
It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. CVE-2011-0025 USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu...
Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6, openjdk-6b18 vulnerability (USN-1052-1)
It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended scurity policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented. CVE-2010-4351. Note that...
USN-1052-1: OpenJDK vulnerability
It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended scurity policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented. CVE-2010-4351...
Design/Logic Flaw
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
Fixed in Apache Tomcat 7.0.4
Low: SecurityManager file permission bypass CVE-2010-3718 When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate file...
Oracle Database Java Stored Procedure Race Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to break out of the Java Sandbox implemented by Oracle's relational database. Authentication is required in that a user must be able to create a Java stored procedure to trigger the issue. The specific flaw exists within Oracle's custom SecurityManager...
ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-055 April 5, 2010 -- CVE ID: CVE-2010-0095 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerabili...