Amazon Linux AMI : tomcat6 (ALAS-2016-681)
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or...
Amazon Linux: Security Advisory (ALAS-2016-681)
The remote host is missing an update for the...
Amazon Linux: Security Advisory (ALAS-2016-680)
The remote host is missing an update for the...
Medium: tomcat8
Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...
Medium: tomcat7
Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...
SUSE-SU-2016:0839-1 Security update for tomcat6
This update for tomcat6 fixes the following issues: The version was updated from 6.0.41 to 6.0.45. Security issues fixed: CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and li...
SUSE-SU-2016:0822-1 Security update for tomcat
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent...
Debian DLA-435-1 : tomcat6 security update
Tomcat 6, an implementation of the Java Servlet and JavaServer Pages (JSP) specifications and a pure Java web server environment, was affected by multiple security issues prior to version 6.0.45. CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45...
CVE-2016-0714
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...
CVE-2016-0714
The CVE-2016-0714 entry concerns the Tomcat session-persistence mechanism. In the affected Apache Tomcat versions (6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2), the session-persistence implementation mishandles session attributes, allowing remote authenticated use...
Apache Tomcat Security Manager Bypass Vulnerability - 01 (Feb 2016) - Windows
Apache Tomcat is prone to a security manager bypass vulnerability. CPE = "cpe:/a:apache:tomcat"...
Apache Tomcat Security Manager Remote Code Execution Vulnerability
Apache Tomcat is a popular open source JSP application server program. Apache Tomcat Security Manager suffers from a security restriction bypass vulnerability in the implementation of the session persistence mechanism that allows an attacker to place constructed objects in a session, which can be...
UBUNTU-CVE-2016-0714
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...
Fixed in Apache Tomcat 6.0.45
Low: Limited directory traversal (CVE-2015-5174). This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource, getResourceAsStream and getResourcePaths, the paths should be limited to the current web...
Seditio CMS 1.7.1 Password Disclosure
Exploit Title: Seditio CMS Multiple Vulnerabilities + Google Dork: intext:"Powered by Seditio CMS" + Date: 27/7/2015 + Exploit Author: Arash Khazaei + Vendor Homepage: http://www.seditiocms.com/ + Software Link: http://www.seditiocms.com/page.php?id=20&a=dl + Version: 1.7.1Last Version + Tested...
IBM WebSphere Service Registry and Repository 8.5 < 8.5.0.1 Multiple Vulnerabilities
The version of IBM WebSphere Service Registry and Repository (WSRR) installed is 8.5 prior to 8.5.0.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified DOM-based cross-site scripting (XSS) vulnerability in the WSRR web UI. (CVE-2014-6132) - The WSRR web interface issues a cookie that ...
CVE-2003-1095
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate...