212 matches found
tomcat -- denial of service
The Apache Software Foundation reports: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service...
Apache Tomcat 7.0.x < 7.0.28 Multiple DoS
Binary data 6623.pasl...
Fixed in Apache Tomcat 6.0.36
Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
CentOS Update for tomcat6 CESA-2011:1780 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for tomcat6 CESA-2011:1780 centos6
Check for the Version of tomcat6 OpenVAS Vulnerability Test CentOS Update for tomcat6 CESA-2011:1780 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Fixed in Apache Tomcat 7.0.28
Important: Denial of service CVE-2012-2733 The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update
Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
Moderate: Red Hat Security Advisory: tomcat5 security and bug fix update
Updated tomcat5 packages that fix multiple security issues and two bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CV...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...
Important: Red Hat Security Advisory: jbossweb security update
Updated jbossweb packages that fix multiple security issues are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS ba...
Important: Red Hat Security Advisory: jbossweb security update
Updated jbossweb packages that fix multiple security issues are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System...
tomcat: security manager restrictions bypass
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...