7 matches found

SUSE CVE
added 2023/02/15 5:9 a.m. · 4 views

SUSE CVE-2016-0762

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...

5.9 CVSS · 8.6 AI score · 0.07991 EPSS
Exploits 0 · References 10
OSV
added 2021/08/13 3:21 p.m. · 13 views

GHSA-36QH-35CM-5W2W Authentication Bypass by Alternate Name in Apache Tomcat

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

6.5 CVSS · 7.1 AI score · 0.09886 EPSS
Exploits 0 · References 10
RedHat Linux
added 2017/03/07 7:6 p.m. · 6 views

tomcat: timing attack in Realm implementation

The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...

5.9 CVSS · 7.3 AI score · 0.07991 EPSS
Exploits 0 · References 7
RedHat Linux
added 2017/03/07 7:6 p.m. · 5 views

tomcat: timing attack in Realm implementation

The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...

5.9 CVSS · 7.3 AI score · 0.07991 EPSS
Exploits 0 · References 7
RedHat Linux
added 2017/03/07 7:5 p.m. · 5 views

tomcat: timing attack in Realm implementation

The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...

5.9 CVSS · 7.3 AI score · 0.07991 EPSS
Exploits 0 · References 7
OSV
added 2016/10/28 12:0 a.m. · 2 views

UBUNTU-CVE-2016-0762

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...

5.9 CVSS · 6.7 AI score · 0.07991 EPSS
Exploits 0 · References 5
Positive Technologies
added 2016/02/02 12:0 a.m. · 11 views

PT-2016-3431 · Apache +5 · Apache Tomcat +5

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.0.M9; Apache Tomcat versions 8.5.0 through 8.5.4; Apache Tomcat versions 8.0.0.RC1 through 8.0.36; Apache Tomcat versions 7.0.0 through 7.0.70; Apache Tomcat versions 6.0.0 through 6.0.45
Description: T...

9.8 CVSS · 6.5 AI score · 0.90338 EPSS
Exploits 12 · References 181