16 matches found
EUVD-2017-14449
Malware in sbrugna...
EUVD-2000-1220
Malware in sbrugna...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1030)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1030 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...
CVE-2023-34035
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2019-1992)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019, July 2019 and October 2019. IBM Cognos Business Intelligence...
Ubuntu: Security Advisory (USN-3665-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Tomcat Security Bypass Vulnerability(CVE-2018-1305)
Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.4 Apache Tomcat 8.5.0 to 8.5.27 Apache Tomcat 8.0.0.RC1 to 8.0.49 Apache Tomcat 7.0.0 to 7.0.84 Description: Security constraints defined by annotations of Servlets were only applied once a Servlet had been...
IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)
Binary data 9700.prm...
CVE-2014-8890
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations...
CVE-2014-3428
Cross-site scripting XSS vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet...
ResolveURLServlet pre-auth arbitrary file download vulnerability
The ResolveURLServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled url parameter and using this in a call to URLConnection.openConnection, an attacker...
PT-2011-3236 · Apache +1 · Apache Tomcat +2
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an...
Denial of Service vulnerability in Cewolf
Hello 3APA3A! I want to warn you about Denial of Service vulnerability in Cewolf - Chart Enabling Web Object Framework. This servlet is using as at individual sites, as in different CMS. Besides Cewolf itself, also those web applications are vulnerable which are using it, such as Megapolis.Portal...
Unify eWave ServletExec 3.0C UploadServlet Unprivileged File Upload
ServletExec has a servlet called 'UploadServlet' in its server side classes. UploadServlet, when invokable, allows an attacker to upload any file to any directory on the server. The uploaded file may have code that can later be executed on the server, leading to remote command execution...
Sun Java Web Server 1.1.32.0 Servlets - information Disclosure
Sun Java Web Server 1.1.32.0 Servlets - information Disclosure source: https://www.securityfocus.com/bid/1498/info The servlet sunexamples.RealmDumpServlet, which is packaged by Default with Sun's Java Web Server, can be used to discover ACLs and local users on the server...