196 matches found
ZDI-10-143: Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-10-143 -- August 9, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell Security Manager -- Vulnerability...
Novell Sentinel Log Manager Multiple Servlet Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Log Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within the fileDownload and reportPluginUpload Tomcat servlets which do not require...
IBM WebSphere Application Server Cross Site Scripting (CVE-2009-2742)
The IBM WebSphere Application Server is a Java 2 Enterprise Edition (J2EE) and Web Services-based application server. The software is made available for various vendor operating systems. It comprises several Java-based tools that allow users to create and manage sophisticated business web sites...
[SECURITY] Fedora 9 Update: jetty-5.1.15-3.fc9
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
Tomcat: Multiple vulnerabilities
Background: Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description: The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web...
jspwiki-xss.txt
Application: JSPWiki Multiple Vulnerabilities. Version: 2.4.103 and 2.5.139. Credit: Jason Kratzer. Date: 9/24/2007. Background: JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...
JSPWiki Multiple Vulnerabilities
Application: JSPWiki Multiple Vulnerabilities. Version: 2.4.103 and 2.5.139. Credit: Jason Kratzer. Date: 9/24/2007. Background: JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...
Stack overflow
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."...
CVE-2002-2006
CVE-2002-2006 affects Apache Tomcat 4.0–4.1 and 3.0–3.3.1. The vulnerability is an information disclosure: the default Tomcat distribution exposes installation path and other sensitive info via the SnoopServlet and TroubleShooter example servlets. The issue is explicitly described as informatio...
CVE-2003-0151
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code...
CVE-2003-0151
CVE-2003-0151 affects BEA WebLogic Server and Express versions 6.0–7.0. The vulnerability is an access-control flaw in internal admin servlets that may allow remote attackers to read arbitrary files or execute arbitrary code. The connected sources confirm the affected products and the nature of t...
CVE-2002-2006
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets...
Fixed in Apache Tomcat 4.1.0
Important: Denial of service (CVE-2003-0866). A malformed HTTP request can cause the request processing thread to become unresponsive. A sequence of such requests will cause all request processing threads, and hence Tomcat as a whole, to become unresponsive. Affects: 4.0.0-4.0.6. Low: Information...
IBM WebSphere default servlet handler showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory: IBM WebSphere default servlet handler showcode vulnerability. FS Advisory ID: FS-072400-6-IBM. Release Date: July 24, 2000. Product: IBM...
tomcat-3.1.path.txt
LoWNOISE Tomcat 3.1 Path Revealing Problem. PRODUCT: Release Build 3.1 of Tomcat from Apache Software Foundation. Tomcat is the combined JSP 1.1 and Servlets 2.2 reference implementation being developed under the Apache process. http://jakarta.apache.org PROBLEM: Path Revealing Problem0...