25 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-1938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher...
CVE-2024-46544
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49...
SUSE CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...
The vulnerability of the Apache Tomcat JK (mod_jk) Connector for Apache web servers in relation to the Tomcat Java server arises from incorrect handling of connection conditions. This allows attackers to bypass established access controls.
The vulnerability of the Apache Tomcat JK (mod_jk) Connector for the Apache Tomcat Web Server httpd relates to the improper handling of path normalization and the comparison of the requested path with the URI-worker associative array in mod_jk. This issue arises due to incorrect processing of path...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456)
An update is now available for Red Hat JBoss Web Server 3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.2 security update
Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...
RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0783)
Updated httpd packages that fix two security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CV...
Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured
The new feature to enable XSRF protection (https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection), introduced in Bamboo 5.3, causes a crash if the Tomcat proxy config is wrongly configured. Steps to reproduce: Configure Bamboo to use mod_proxy as detailed here:...
[SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix information disclosure
Debian Security Advisory DSA-1810-1 http://www.debian.org/security/ Stefan Fritsch June 02, 2009 http://www.debian.org/security/faq -...
DSA-1810-1 libapache-mod-jk - information
Bulletin has no description...
RedHat Security Advisory RHSA-2009:0446
The remote host is missing updates announced in advisory RHSA-2009:0446. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the...
mod_jk sends decoded URL to tomcat
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...
Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
No description provided by source. / Fedora Core 6,7,8 exec-shield based Apache Tomcat Connector jk2-2.0.2 (mod_jk2) remote overflow exploit by INetCop Security Advanced exploitation in exec-shield Fedora Core case study URL: http://www.milw0rm.com/papers/151 IOActive Security Advisory:...
Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow
Apache Tomcat Connector jk2-2.0.2 (mod_jk2) - Remote Overflow / Fedora Core 6,7,8 exec-shield based Apache Tomcat Connector jk2-2.0.2 (mod_jk2) remote overflow exploit by INetCop Security Advanced exploitation in exec-shield Fedora Core case study URL: http://www.milw0rm.com/papers/151 IOActive Security...
Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
Exploit for linux platform in category remote exploits. Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit / Fedora Core 6,7,8 exec-shield based...
Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
No description provided by source. / Fedora Core 5,6 exec-shield based Apache Tomcat Connector (mod_jk) remote overflow exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...