25 matches found

Tenable Nessus
added 2025/08/07 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2020-1938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher...

CVSS 9.8, AI score 8.6, EPSS 0.9927
Exploits: 45, References: 2

Debian CVE
added 2024/09/23 10:43 a.m., 13 views

CVE-2024-46544

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49...

CVSS 5.9, AI score 5.8, EPSS 0.00326
Exploits: 0

SUSE CVE
added 2023/02/15 4:34 a.m., 4 views

SUSE CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

CVSS 7.5, AI score 7, EPSS 0.44244
Exploits: 0, References: 4

RedHat Linux
added 2020/03/17 4:41 p.m., 5 views

tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instance...

CVSS 9.8, AI score 7.5, EPSS 0.9927
Exploits: 45, References: 11

BDU FSTEC
added 2019/03/06 12:0 a.m., 5 views

The vulnerability of the Apache Tomcat JK (mod_jk) Connector for Apache web servers in relation to the Tomcat Java server, arises from incorrect handling of connection conditions. This allows attackers to bypass established access controls.

The vulnerability of the Apache Tomcat JK (mod_jk) Connector for the Apache Tomcat Web Server httpd relates to the improper handling of path normalization and the comparison of the requested path with the URI-worker associative array in mod_jk. This issue arises due to incorrect processing of path...

CVSS 7.5, AI score 7.2, EPSS 0.90647
Exploits: 0, References: 9, Affected Software: 3

RedHat Linux
added 2018/08/16 2:50 p.m., 134 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8, AI score 7, EPSS 0.21979
Exploits: 0, References: 7

OSV
added 2018/03/12 4:29 p.m., 2 views

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

CVSS 7.5, AI score 5.8, EPSS 0.44244
Exploits: 0, References: 9

Tenable Nessus
added 2017/03/08 12:0 a.m., 125 views

RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456)

An update is now available for Red Hat JBoss Web Server 3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 10, AI score 6.8, EPSS 0.92334
Exploits: 20, References: 23

RedHat Linux
added 2015/12/16 6:19 p.m., 79 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.2 security update

Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...

CVSS 7.8, AI score 6.8, EPSS 0.73327
Exploits: 2, References: 8

Tenable Nessus
added 2014/06/26 12:0 a.m., 44 views

RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0783)

Updated httpd packages that fix two security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...

CVSS 5, AI score 7.9, EPSS 0.26831
Exploits: 2, References: 6

RedHat Linux
added 2014/05/21 3:45 p.m., 61 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CV...

CVSS 7.5, AI score 6.5, EPSS 0.83175
Exploits: 13, References: 6

Atlassian
added 2013/12/23 2:57 p.m., 633 views

Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured

The new feature to enable XSRF protection (https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection), introduced in Bamboo 5.3, causes a crash if the Tomcat proxy config is wrongly configured. Steps to reproduce: Configure Bamboo to use mod_proxy as detailed here:...

AI score 7.1
Exploits: 0, Affected Software: 1

Debian
added 2009/06/02 7:40 p.m., 25 views

[SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix information disclosure

------------------------------------------------------------------------ Debian Security Advisory DSA-1810-1 [email protected] http://www.debian.org/security/ Stefan Fritsch June 02, 2009 http://www.debian.org/security/faq -...

CVSS 2.6, AI score 5.7, EPSS 0.07263
Exploits: 2

OSV
added 2009/06/02 12:0 a.m., 12 views

DSA-1810-1 libapache-mod-jk - information

Bulletin has no description...

CVSS 2.6, AI score 6.2, EPSS 0.07263
Exploits: 2

OpenVAS
added 2009/04/28 12:0 a.m., 29 views

RedHat Security Advisory RHSA-2009:0446

The remote host is missing updates announced in advisory RHSA-2009:0446. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the...

CVSS 2.6, AI score 6, EPSS 0.07263
Exploits: 2, References: 2

RedHat Linux
added 2008/05/20 2:12 p.m., 6 views

mod_jk sends decoded URL to tomcat

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...

CVSS 5, AI score 5.9, EPSS 0.12924
Exploits: 1, References: 4

seebug.org
added 2008/04/08 12:0 a.m., 25 views

Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit

No description provided by source. / Fedora Core 6,7,8 exec-shield based Apache Tomcat Connector jk2-2.0.2 (mod_jk2) remote overflow exploit by INetCop Security Advanced exploitation in exec-shield Fedora Core case study URL: http://www.milw0rm.com/papers/151 IOActive Security Advisory:...

AI score 7.1
Exploits: 0

exploitpack
added 2008/04/06 12:0 a.m., 15 views

Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow

Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow / Fedora Core 6,7,8 exec-shield based Apache Tomcat Connector jk2-2.0.2 (mod_jk2) remote overflow exploit by INetCop Security Advanced exploitation in exec-shield Fedora Core case study URL: http://www.milw0rm.com/papers/151 IOActive Security...

AI score 0.5
Exploits: 0

0day.today
added 2008/04/06 12:0 a.m., 18 views

Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit

Exploit for linux platform in category remote exploits =================================================================== Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit =================================================================== / Fedora Core 6,7,8 exec-shield based...

AI score 7.1
Exploits: 0

seebug.org
added 2007/07/08 12:0 a.m., 31 views

Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)

No description provided by source. / Fedora Core 5,6 exec-shield based Apache Tomcat Connector (mod_jk) remote overflow exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...

AI score 7.1
Exploits: 0