17 matches found
foreman: World readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
Security Bulletin: Security configurations for Rest servers in XSLD
Summary: These security vulnerabilities were found during dynamic scans performed on XSLD 8.6.1.6. Please follow the remediation given to resolve these issues. Vulnerability Details: 1. Unnecessary HTTP response headers found in the application. Description: The response contains unnecessary header...
CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
Information disclosure
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
CVE-2023-4886 Foreman: world readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
PT-2023-30988 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: foreman (affected versions not specified). Description: A sensitive information exposure issue was found in foreman, where the contents of tomcat's server.xml file are world readable. This file contains passwords to candlepin's keystore and...
Default credentials
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml...
SmartFoxServer security vulnerability
SmartFoxServer is a software development program for rapid development of multiplayer games and applications via Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++, etc. SmartFoxServer is a software development program from SmartFoxServer, USA. The software...
Security Bulletin: Vulnerability in SSLv3 affects IBM SPSS Analytic Server (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM SPSS Analytic Server. Vulnerability Details: CVE-ID: CVE-2014-3566. DESCRIPTION: Product could allow a remote attacker to obtain sensitive...
Gather Tomcat Credentials
This module will attempt to collect credentials from Tomcat services running on the machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gather Tomcat Credentials', 'Description' = %q This...
After disabling SSL 3.0 (because of POODLE), Jira doesn't work
After following this description: https://confluence.atlassian.com/display/JIRA/How+To+Disable+SSLv3+to+Mitigate+Against+POODLE+Exploit+for+JIRA?focusedCommentId=683541348&comment-683541348 Jira doesn't work anymore. Our default server.xml contains the following: scheme="https" secure="true"...
SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE
The default connector as written in /conf/server.xml uses sslProtocol="TLS". This should only enable TLS connectors, but it also enables SSLv3. Our documentation and the included server.xml need to be updated to reflect the correct settings to enable only TLS. Reproduction steps: Follow the...
Default configuration
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...
Improve the default SSL cipherset in standalone JIRA setup
We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Supported'. Any suggestions would be helpful...
Improve the default SSL cipherset in standalone JIRA setup
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-27681. We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Supported'. Any suggestions woul...
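Apache Tomcat UTF-8 directory traversal vulnerability
BUGTRAQ ID: 30633 CVE ID: CVE-2008-2938 CNCVE ID: CNCVE-20082938 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat does not correctly filter user-submitted input, so a remote attacker can exploit the vulnerability to view arbitrary local files in the context of the web service. The vulnerability is caused by a problem in how Java handles input: if context.xml or server.xml enables 'allowLinking' and sets 'URIencoding' to 'UTF-8', an attacker can obtain the contents of important system files with the web server's privileges. Apache Software Foundation Tomca...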