37 matches found
EUVD-2018-0691
Malware in sbrugna...
EUVD-2020-1289
Malware in sbrugna...
Apache Tomcat 8.0.0.RC1 < 8.0.44
The version of Tomcat installed on the remote host is prior to 8.0.44. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.44security-8 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error pag...
Apache Tomcat 7.0.0 < 7.0.78
The version of Tomcat installed on the remote host is prior to 7.0.78. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.78security-7 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error pag...
Fixed in Apache Tomcat 9.0.71
Important: Apache Tomcat denial of service CVE-2023-24998 Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload...
GHSA-JMVV-524F-HJ5J Improper Handling of Exceptional Conditions in Apache Tomcat
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...
'/WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
'/%20..\WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1419)
The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities: - A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76,...
Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation
According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...
Apache Tomcat 7.0.x < 7.0.78 Remote Error Page Manipulation
According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...
GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
Security feature bypass
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...