Lucene search
+L

204 matches found

RedHat Linux
RedHat Linux
added 2020/06/11 11:36 a.m.73 views

Important: Red Hat Security Advisory: tomcat6 security update

An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7CVSS6.8AI score0.56636EPSS
Exploits16References2
Oracle linux
Oracle linux
added 2020/06/11 12:0 a.m.72 views

tomcat security update

0:7.0.76-12 - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence...

7CVSS5.7AI score0.56636EPSS
Exploits16
RedHat Linux
RedHat Linux
added 2020/06/10 5:5 p.m.3 views

tomcat: deserialization flaw in session persistence storage leading to RCE

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...

7CVSS7.3AI score0.56636EPSS
Exploits16References9
RedHat Linux
RedHat Linux
added 2020/06/10 4:28 p.m.88 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3.1 security update

Updated Red Hat JBoss Web Server 5.3.1 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

7CVSS6.8AI score0.56636EPSS
Exploits16References2
RedHat Linux
RedHat Linux
added 2020/06/10 4:28 p.m.4 views

tomcat: deserialization flaw in session persistence storage leading to RCE

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...

7CVSS7.3AI score0.56636EPSS
Exploits16References9
RedHat Linux
RedHat Linux
added 2020/06/10 3:4 p.m.4 views

tomcat: deserialization flaw in session persistence storage leading to RCE

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...

7CVSS7.3AI score0.56636EPSS
Exploits16References9
Tenable Nessus
Tenable Nessus
added 2020/05/26 12:0 a.m.36 views

FreeBSD : Apache Tomcat Remote Code Execution via session persistence (676ca486-9c1e-11ea-8b5e-b42e99a1b9c3)

The Apache Software Foundation reports : Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBS...

7CVSS7.1AI score0.56636EPSS
Exploits16References6
OpenVAS
OpenVAS
added 2020/05/25 12:0 a.m.44 views

openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:0711-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7CVSS7.7AI score0.56636EPSS
Exploits16References2
OSV
OSV
added 2020/05/24 10:12 p.m.11 views

OPENSUSE-SU-2020:0711-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.htmlTomcat9.0.35markt CVE-2020-9484 bsc1171928 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the conten...

7CVSS8.1AI score0.56636EPSS
Exploits16References3
OSV
OSV
added 2020/05/21 2:56 p.m.12 views

SUSE-SU-2020:1365-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.htmlTomcat9.0.35markt CVE-2020-9484 bsc1171928 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the conten...

7CVSS7.9AI score0.56636EPSS
Exploits16References3
OSV
OSV
added 2020/05/21 2:55 p.m.14 views

SUSE-SU-2020:1364-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.htmlTomcat9.0.35markt CVE-2020-9484 bsc1171928 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the conten...

7CVSS7.9AI score0.56636EPSS
Exploits16References3
Apache Tomcat
Apache Tomcat
added 2020/05/16 12:0 a.m.68 views

Fixed in Apache Tomcat 7.0.104

High: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...

7CVSS7.8AI score0.56636EPSS
Exploits16Affected Software1
FreeBSD
FreeBSD
added 2020/05/12 12:0 a.m.64 views

Apache Tomcat Remote Code Execution via session persistence

The Apache Software Foundation reports: Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control...

7CVSS7AI score0.56636EPSS
Exploits16References4
Apache Tomcat
Apache Tomcat
added 2020/05/11 12:0 a.m.66 views

Fixed in Apache Tomcat 8.5.55

Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...

7CVSS7.8AI score0.56636EPSS
Exploits16Affected Software1
NVD
NVD
added 2020/04/22 2:15 p.m.16 views

CVE-2020-11688

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session...

7.5CVSS8.7AI score0.00989EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.43 views

Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2015-5345, CVE-2016-0706, CVE-2016-0714)

Summary There are multiple vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714 reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron has remediated the affected versions. Vulnerability Details CVEID: CVE-2015-5345 DESCRIPTION: Apache...

8.8CVSS0.7AI score0.1838EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/08/13 9:15 p.m.3 views

ALPINE-CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

6.5CVSS8.9AI score0.56262EPSS
Exploits0References1
NVD
NVD
added 2019/08/06 7:15 p.m.12 views

CVE-2019-2386

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

7.1CVSS6.7AI score0.01225EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/08/06 12:0 a.m.6 views

PT-2019-16408 · Mongodb +3 · Mongodb Server +4

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.9 MongoDB Server versions prior to 3.6.13 MongoDB Server versions prior to 3.4.22 Description: The improper invalidation of authorization sessions in MongoDB Server allows an authenticated user's session t...

7.5CVSS5.7AI score0.01655EPSS
Exploits2References29
OSV
OSV
added 2019/07/26 1:15 p.m.1 views

ALPINE-CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs...

7.5CVSS7AI score0.05015EPSS
Exploits0References1
Rows per page
Query Builder