Lucene search
K

202 matches found

OSV
OSV
added 2022/01/27 1:15 p.m.8 views

DEBIAN-CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS7.8AI score0.00692EPSS
Exploits15References1
OSV
OSV
added 2022/01/27 1:15 p.m.1 views

UBUNTU-CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS7.2AI score0.00692EPSS
Exploits15References6
NCSC
NCSC
added 2022/01/27 12:0 a.m.5 views

Vulnerability fixed in Apache Tomcat

A vulnerability has been fixed in Apache Tomcat. The vulnerability potentially allows a local malicious party to obtain the same rights obtain the same rights as the user used by the Tomcat process. used. To exploit this vulnerability, Tomcat must be configured to keep sessions active through the...

7CVSS6.6AI score0.00692EPSS
Exploits15
CVE
CVE
added 2021/11/08 2:20 p.m.62 views

CVE-2021-25979

Apostrophe CMS vulnerability CVE-2021-25979 affects versions 2.63.0 through 3.3.1, where the system does not invalidate existing login sessions when disabling a user or changing a password. This can allow a compromised device to maintain access after actions intended to lock out the user. The roo...

9.8CVSS9.3AI score0.01103EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/12 3:18 p.m.52 views

CVE-2021-35214

CVE-2021-35214 describes a session-management vulnerability in SolarWinds Pingdom: when a user changes password or email, active sessions in other windows were not invalidated, allowing continued access. Documents confirm multiple active sessions could persist across browser windows and that the ...

4.8CVSS4.8AI score0.01768EPSS
Exploits0References1Affected Software1
Ubuntu
Ubuntu
added 2021/08/26 1:55 a.m.123 views

USN-5052-1: MongoDB vulnerability

MongoDB would fail to properly invalidate existing sessions for deleted users. This could allow a remote authenticated attacker to gain elevated privileges if their user account was recreated with elevated privileges...

7.1CVSS7AI score0.01225EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.1 views

tomcat: deserialization flaw in session persistence storage leading to RCE

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...

7CVSS7.3AI score0.56636EPSS
Exploits15References9
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.5 views

Redmine 代码问题漏洞

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management, issue tracking, and role-based access control. A code issue vulnerability exists in Redmine that allows existing user sessions to continue with two-factor authenticati...

7.5CVSS7.4AI score0.01017EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/06/29 8:39 a.m.3 views

tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

7CVSS6.7AI score0.56636EPSS
Exploits15References9
RedHat Linux
RedHat Linux
added 2021/06/29 8:39 a.m.166 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.5.0 security release

Red Hat JBoss Web Server 5.5.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

7.5CVSS6.8AI score0.56636EPSS
Exploits15References4
Github Security Blog
Github Security Blog
added 2021/04/22 4:11 p.m.64 views

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19

Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 Vaadin 18, and 6.0.0 through 6.0.4 Vaadin 19.0.0 through 19.0.3 uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...

7.1CVSS3.4AI score0.00322EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2020/07/27 1:8 p.m.2 views

tomcat: deserialization flaw in session persistence storage leading to RCE

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...

7CVSS7.3AI score0.56636EPSS
Exploits15References9
CVE
CVE
added 2020/07/20 9:4 p.m.92 views

CVE-2020-1776

CVE-2020-1776 affects OTRS, specifically the Open-Source Ticket Request System. The vulnerability arises in the session handling when an agent user is renamed or set to invalid; the session belonging to that user remains active. According to the sources, the active session cannot be used to acces...

4.3CVSS4.6AI score0.00946EPSS
Exploits0References2Affected Software1
Oracle linux
Oracle linux
added 2020/06/12 12:0 a.m.60 views

tomcat6 security update

0:6.0.24-115 - Resolves: CVE-2020-9484 tomcat6: tomcat: Apache Tomcat Remote Code Execution via session persistence...

7CVSS6AI score0.56636EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2020/06/12 12:0 a.m.50 views

CentOS 7 : tomcat (RHSA-2020:2530)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2530 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the...

7CVSS7.2AI score0.56636EPSS
Exploits15References2
Tenable Nessus
Tenable Nessus
added 2020/06/12 12:0 a.m.30 views

Scientific Linux Security Update : tomcat on SL7.x (noarch) (20200611)

Security Fixes : - tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid137390; scriptversion"1.7";...

7CVSS7AI score0.56636EPSS
Exploits15References2
OpenVAS
OpenVAS
added 2020/06/12 12:0 a.m.56 views

CentOS: Security Advisory for tomcat (CESA-2020:2530)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7CVSS7.6AI score0.56636EPSS
Exploits15References2
RedHat Linux
RedHat Linux
added 2020/06/11 2:4 p.m.2 views

tomcat: deserialization flaw in session persistence storage leading to RCE

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...

7CVSS7.3AI score0.56636EPSS
Exploits15References9
RedHat Linux
RedHat Linux
added 2020/06/11 11:36 a.m.73 views

Important: Red Hat Security Advisory: tomcat6 security update

An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7CVSS6.8AI score0.56636EPSS
Exploits15References2
Oracle linux
Oracle linux
added 2020/06/11 12:0 a.m.72 views

tomcat security update

0:7.0.76-12 - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence...

7CVSS5.7AI score0.56636EPSS
Exploits15
Rows per page
Query Builder