202 matches found
DEBIAN-CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
UBUNTU-CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
Vulnerability fixed in Apache Tomcat
A vulnerability has been fixed in Apache Tomcat. The vulnerability potentially allows a local malicious party to obtain the same rights obtain the same rights as the user used by the Tomcat process. used. To exploit this vulnerability, Tomcat must be configured to keep sessions active through the...
CVE-2021-25979
Apostrophe CMS vulnerability CVE-2021-25979 affects versions 2.63.0 through 3.3.1, where the system does not invalidate existing login sessions when disabling a user or changing a password. This can allow a compromised device to maintain access after actions intended to lock out the user. The roo...
CVE-2021-35214
CVE-2021-35214 describes a session-management vulnerability in SolarWinds Pingdom: when a user changes password or email, active sessions in other windows were not invalidated, allowing continued access. Documents confirm multiple active sessions could persist across browser windows and that the ...
USN-5052-1: MongoDB vulnerability
MongoDB would fail to properly invalidate existing sessions for deleted users. This could allow a remote authenticated attacker to gain elevated privileges if their user account was recreated with elevated privileges...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
Redmine 代码问题漏洞
Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management, issue tracking, and role-based access control. A code issue vulnerability exists in Redmine that allows existing user sessions to continue with two-factor authenticati...
tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.5.0 security release
Red Hat JBoss Web Server 5.5.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
CVE-2020-1776
CVE-2020-1776 affects OTRS, specifically the Open-Source Ticket Request System. The vulnerability arises in the session handling when an agent user is renamed or set to invalid; the session belonging to that user remains active. According to the sources, the active session cannot be used to acces...
tomcat6 security update
0:6.0.24-115 - Resolves: CVE-2020-9484 tomcat6: tomcat: Apache Tomcat Remote Code Execution via session persistence...
CentOS 7 : tomcat (RHSA-2020:2530)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2530 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the...
Scientific Linux Security Update : tomcat on SL7.x (noarch) (20200611)
Security Fixes : - tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid137390; scriptversion"1.7";...
CentOS: Security Advisory for tomcat (CESA-2020:2530)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
Important: Red Hat Security Advisory: tomcat6 security update
An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
tomcat security update
0:7.0.76-12 - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence...