204 matches found
Important: Red Hat Security Advisory: tomcat6 security update
An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
tomcat security update
0:7.0.76-12 - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3.1 security update
Updated Red Hat JBoss Web Server 5.3.1 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
FreeBSD : Apache Tomcat Remote Code Execution via session persistence (676ca486-9c1e-11ea-8b5e-b42e99a1b9c3)
The Apache Software Foundation reports : Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBS...
openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:0711-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0711-1 Security update for tomcat
This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.htmlTomcat9.0.35markt CVE-2020-9484 bsc1171928 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the conten...
SUSE-SU-2020:1365-1 Security update for tomcat
This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.htmlTomcat9.0.35markt CVE-2020-9484 bsc1171928 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the conten...
SUSE-SU-2020:1364-1 Security update for tomcat
This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.htmlTomcat9.0.35markt CVE-2020-9484 bsc1171928 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the conten...
Fixed in Apache Tomcat 7.0.104
High: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Apache Tomcat Remote Code Execution via session persistence
The Apache Software Foundation reports: Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control...
Fixed in Apache Tomcat 8.5.55
Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
CVE-2020-11688
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session...
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2015-5345, CVE-2016-0706, CVE-2016-0714)
Summary There are multiple vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714 reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron has remediated the affected versions. Vulnerability Details CVEID: CVE-2015-5345 DESCRIPTION: Apache...
ALPINE-CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...
CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...
PT-2019-16408 · Mongodb +3 · Mongodb Server +4
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.9 MongoDB Server versions prior to 3.6.13 MongoDB Server versions prior to 3.4.22 Description: The improper invalidation of authorization sessions in MongoDB Server allows an authenticated user's session t...
ALPINE-CVE-2019-13565
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs...