
202 matches found

Tenable Nessus
added 2016/04/01 12:0 a.m., 35 views

Amazon Linux AMI : tomcat6 (ALAS-2016-681)

A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or...

8.8 CVSS, 7.1 AI score, 0.1838 EPSS
Exploits: 0, References: 5
OpenVAS
added 2016/03/31 12:0 a.m., 72 views

Amazon Linux: Security Advisory (ALAS-2016-681)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 7.4 AI score, 0.1838 EPSS
Exploits: 0, References: 2
OpenVAS
added 2016/03/31 12:0 a.m., 48 views

Amazon Linux: Security Advisory (ALAS-2016-680)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 7.4 AI score, 0.1838 EPSS
Exploits: 0, References: 2
Amazon
added 2016/03/29 12:0 a.m., 55 views

Medium: tomcat8

Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...

8.8 CVSS, 8 AI score, 0.13075 EPSS
Exploits: 0
Amazon
added 2016/03/29 12:0 a.m., 70 views

Medium: tomcat7

Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...

8.8 CVSS, 7.9 AI score, 0.1838 EPSS
Exploits: 0
OSV
added 2016/03/21 9:27 a.m., 9 views

SUSE-SU-2016:0839-1 Security update for tomcat6

This update for tomcat6 fixes the following issues: The version was updated from 6.0.41 to 6.0.45. Security issues fixed: CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and li...

8.8 CVSS, 6.5 AI score, 0.1838 EPSS
Exploits: 0, References: 10
OSV
added 2016/03/18 2:14 p.m., 15 views

SUSE-SU-2016:0822-1 Security update for tomcat

This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent...

8.8 CVSS, 6.9 AI score, 0.1838 EPSS
Exploits: 0, References: 15
Tenable Nessus
added 2016/02/29 12:0 a.m., 51 views

Debian DLA-435-1 : tomcat6 security update

Tomcat 6, an implementation of the Java Servlet and the JavaServer Pages (JSP) specifications and a pure Java web server environment, was affected by multiple security issues prior to version 6.0.45. CVE-2015-5174 Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45...

8.8 CVSS, 7.3 AI score, 0.1838 EPSS
Exploits: 0, References: 8
NVD
added 2016/02/25 1:59 a.m., 24 views

CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8 CVSS, 8.5 AI score, 0.13075 EPSS
Exploits: 0, References: 50
Cvelist
added 2016/02/25 1:0 a.m., 33 views

CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.6 AI score, 0.13075 EPSS
Exploits: 0, References: 50
Debian CVE
added 2016/02/25 1:0 a.m., 52 views

CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8 CVSS, 8.9 AI score, 0.13075 EPSS
Exploits: 0
CVE
added 2016/02/25 1:0 a.m., 299 views

CVE-2016-0714

The CVE-2016-0714 entry concerns the Tomcat session-persistence mechanism. In the affected Apache Tomcat versions (6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2), the session-persistence implementation mishandles session attributes, allowing remote authenticated use...

8.8 CVSS, 8.1 AI score, 0.13075 EPSS
Exploits: 0, References: 50, Affected Software: 1
OpenVAS
added 2016/02/25 12:0 a.m., 56 views

Apache Tomcat Security Manager Bypass Vulnerability - 01 (Feb 2016) - Windows

Apache Tomcat is prone to a security manager bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...

8.8 CVSS, 7.1 AI score, 0.13075 EPSS
Exploits: 0, References: 5
CNVD
added 2016/02/24 12:0 a.m., 1 views

Apache Tomcat Security Manager Remote Code Execution Vulnerability

Apache Tomcat is a popular open source JSP application server program. Apache Tomcat Security Manager suffers from a security restriction bypass vulnerability in the implementation of the session persistence mechanism that allows an attacker to place constructed objects in a session, which can be...

8.8 CVSS, 9 AI score, 0.13075 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2016/02/24 12:0 a.m., 36 views

CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8 CVSS, 7.5 AI score, 0.13075 EPSS
Exploits: 0, References: 3
OSV
added 2016/02/24 12:0 a.m., 2 views

UBUNTU-CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8 CVSS, 7.6 AI score, 0.13075 EPSS
Exploits: 0, References: 4
Apache Tomcat
added 2016/02/11 12:0 a.m., 73 views

Fixed in Apache Tomcat 6.0.45

Low: Limited directory traversal CVE-2015-5174. This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource, getResourceAsStream and getResourcePaths, the paths should be limited to the current web...

8.8 CVSS, 7.5 AI score, 0.1838 EPSS
Exploits: 0, Affected Software: 1
Packet Storm
added 2015/07/27 12:0 a.m., 65 views

Seditio CMS 1.7.1 Password Disclosure

Exploit Title: Seditio CMS Multiple Vulnerabilities + Google Dork: intext:"Powered by Seditio CMS" + Date: 27/7/2015 + Exploit Author: Arash Khazaei + Vendor Homepage: http://www.seditiocms.com/ + Software Link: http://www.seditiocms.com/page.php?id=20&a=dl + Version: 1.7.1 Last Version + Tested...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2015/01/20 12:0 a.m., 22 views

IBM WebSphere Service Registry and Repository 8.5 < 8.5.0.1 Multiple Vulnerabilities

The version of IBM WebSphere Service Registry and Repository (WSRR) is version 8.5 prior to 8.5.0.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified DOM-based cross-site scripting (XSS) vulnerability in the WSRR web UI. (CVE-2014-6132) - WSRR web interface issues a cookie that ...

4.3 CVSS, 5.1 AI score, 0.02424 EPSS
Exploits: 0, References: 5
Cvelist
added 2005/03/10 5:0 a.m., 23 views

CVE-2003-1095

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate...

6.7 AI score, 0.00384 EPSS
Exploits: 0, References: 4