GHSA-4PRH-GQW8-RGH5 Apache Tomcat Directory Traversal
Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash %...
Low: Red Hat Security Advisory: rgmanager security, bug fix, and enhancement update
An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score,...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 6839)
This update of tomcat5/6 fixes : - Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that...
SuSE Security Update: Security update for Tomcat 5 (tomcat5-6841)
This update of tomcat5/6 fixes: CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902: CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. CVE-2009-2901: CVSS v2 Base Score: 4.3 When...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the...
SLES10: Security update for Tomcat 5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: tomcat5 tomcat5-admin-webapps tomcat5-webapps More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 6352)
This update of tomcat fixes several vulnerabilities : - RequestDispatcher usage can lead to information leakage. CVE-2008-5515 - denial of service via AJP connection. CVE-2009-0033 - some authentication classes allow user enumeration. CVE-2009-0580 - XSS bug in example application cal2.jsp...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5955)
Two old but not yet fixed security issues in tomcat5 were spotted and are fixed by this update : - Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.d...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5689)
This update of tomcat fixes an information leak due to incorrect IP address filtering. CVE-2008-3271
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5539)
This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. CVE-2008-2938
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)
This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449) and improves the list of supported SSL ciphers (CVE-2007-1858).
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)
Cross-site scripting (XSS) vulnerability in example JSP applications. CVE-2006-7196 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of ' in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - directory traversal. CVE-2007-1860 - tomcat https...