12 matches found
CVE-2019-17563
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...
Apache Tomcat 7.0.0 < 7.0.2
The version of Tomcat installed on the remote host is prior to 7.0.2. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.2security-7 advisory. - Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid...
FreeBSD : payara -- Code execution via crafted PUT requests to JSPs (22bc5327-f33f-11e8-be46-0019dbb15b3f)
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
Apache Tomcat 7.0.0 < 7.0.85 Security Constraint Weakness
The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.85. It is, therefore, affected by a security constraints flaw which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Apache Tomcat 7.0.0 < 7.0.82
The version of Tomcat installed on the remote host is prior to 7.0.82. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.82security-7 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...
Tomcat full system packet DoS denial of service vulnerability CVE-2 0 1 4-0 2 3 0-vulnerability warning-the black bar safety net
Tomcat burst number for the CVE-2 0 1 4-0 2 3 0 DoS denial of service vulnerability. The vulnerability risk level is LOW, the impact of the version include: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.43 The problem occurs in with the...
[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0227 Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.41 Description: It was possible to craf...
[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitted...
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
Apache Tomcat is prone to a remote information-disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
Apache Tomcat is prone to a remote information-disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-0534 Apache Tomcat DoS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.6 - - Tomcat 6.0.0 to 6.0.30 Description: Tomcat did not enforce the maxHttpHeaderSize limit while...