
196 matches found

Tenable Nessus
added 2018/02/28 12:0 a.m., 47 views

FreeBSD : tomcat -- Security constraints ignored or applied too late (55c4233e-1844-11e8-a712-0025908740c2)

The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...

CVSS 6.5, AI score 7, EPSS 0.21578
Exploits 2, References 6

Veracode
added 2018/02/27 1:21 a.m., 42 views

Security Constraint Bypass

tomcat-catalina is vulnerable to security constraint bypass. Security constraints are only applied after a servlet has already been loaded. Depending on the order in which the servlets were loaded, it's possible that some of the constraints were not applied at all. Leveraging this, users may have...

CVSS 6.5, AI score 6.6, EPSS 0.21578
Exploits 2, References 50, Affected Software 8

Prion
added 2018/02/23 11:29 p.m., 43 views

Design/Logic Flaw

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 4, AI score 6.9, EPSS 0.21578
Exploits 2, References 35, Affected Software 6

NVD
added 2018/02/23 11:29 p.m., 25 views

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 6.5, AI score 7, EPSS 0.21578
Exploits 2, References 35

Debian CVE
added 2018/02/23 11:0 p.m., 54 views

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 6.5, AI score 7.1, EPSS 0.21578
Exploits 2

Cvelist
added 2018/02/23 11:0 p.m., 51 views

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

AI score 6.4, EPSS 0.21578
Exploits 2, References 35

UbuntuCve
added 2018/02/23 12:0 a.m., 45 views

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 6.5, AI score 6.7, EPSS 0.21578
Exploits 2, References 2

Tenable Nessus
added 2018/02/23 12:0 a.m., 95 views

Apache Tomcat 7.0.0 < 7.0.85 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.85. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.85_security-7 advisory. - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to...

CVSS 6.5, AI score 7.2, EPSS 0.21578
Exploits 2, References 7

Tenable Nessus
added 2018/02/23 12:0 a.m., 134 views

Apache Tomcat 8.0.0.RC1 < 8.0.50 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.50. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.0.50_security-8 advisory. - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to...

CVSS 6.5, AI score 7.2, EPSS 0.21578
Exploits 2, References 7

FreeBSD
added 2018/02/23 12:0 a.m., 64 views

tomcat -- Security constraints ignored or applied too late

The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...

AI score 7.1
Exploits 0, References 3

ThreatPost
added 2018/02/14 5:22 p.m., 22 views

Dell EMC Patches Critical Flaws in VMAX Enterprise Storage Systems

Dell EMC fixed two critical flaws in its management interfaces for its VMAX enterprise storage systems. One of the vulnerabilities could allow a remote attacker to use a hard-coded password to a default account to gain unauthorized access to systems. The company issued updates that address the tw...

CVSS 10, AI score 9.3, EPSS 0.10247
Exploits 0, References 3

Apache Tomcat
added 2018/02/13 12:0 a.m., 61 views

Fixed in Apache Tomcat 7.0.85

Important: Security constraint annotations applied too late CVE-2018-1305 Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was...

CVSS 6.5, AI score 6.8, EPSS 0.21578
Exploits 2, Affected Software 1

Apache Tomcat
added 2018/02/13 12:0 a.m., 59 views

Fixed in Apache Tomcat 8.0.50

Important: Security constraint annotations applied too late CVE-2018-1305 Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was...

CVSS 6.5, AI score 6.8, EPSS 0.21578
Exploits 2, Affected Software 1

Apache Tomcat
added 2018/02/11 12:0 a.m., 61 views

Fixed in Apache Tomcat 9.0.5

Important: Security constraint annotations applied too late CVE-2018-1305 Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was...

CVSS 6.5, AI score 6.8, EPSS 0.21578
Exploits 2, Affected Software 1

0day.today
added 2018/01/26 12:0 a.m., 76 views

ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download Vulnerability

Exploit for multiple platform in category web applications. Arbitrary file download in ManageEngine Netflow Analyzer and IT360. Discovered by Pedro Ribeiro, Agile Information Security. Disclosure: 30/11/2014 /...

CVSS 5, AI score 6.4, EPSS 0.90975
Exploits 9

CNVD
added 2018/01/22 12:0 a.m., 3 views

Unspecified Vulnerability in Oracle Hyperion Hyperion BI+ Component (CNVD-2018-01531)

Oracle Hyperion is a suite of financial modeling applications from Oracle that provides financial close, reporting, etc. Hyperion BI+ is one of the Business Intelligence platform components that provides management reporting and analysis on any data source. A security vulnerability exists in the...

CVSS 6, AI score 6.6, EPSS 0.00259
Exploits 0, References 1

CNVD
added 2018/01/22 12:0 a.m., 3 views

Unspecified Vulnerability in Oracle Hyperion Hyperion BI+ Component (CNVD-2018-01530)

Oracle Hyperion is a suite of financial modeling applications from Oracle that provides financial close, reporting, etc. Hyperion BI+ is one of the Business Intelligence platform components that provides management reporting and analysis on any data source. A security vulnerability exists in the...

CVSS 6, AI score 6.6, EPSS 0.00407
Exploits 0, References 1

OSV
added 2018/01/18 2:29 a.m., 2 views

CVE-2018-2594

Vulnerability in the Hyperion BI+ component of Oracle Hyperion subcomponent: Foundation UI & Servlets. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks...

CVSS 4.3, AI score 7.3
Exploits 0, References 3

Prion
added 2017/12/09 6:29 a.m., 14 views

Cross site scripting

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager...

CVSS 4.3, AI score 6, EPSS 0.01471
Exploits 0, References 3, Affected Software 1

OSV
added 2017/12/09 6:29 a.m., 2 views

CVE-2017-11296

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager...

CVSS 6.1, AI score 5.6
Exploits 0, References 3