Security Bulletin: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint, which affects IBM watsonx.data

Summary Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from...

[SECURITY] Fedora 41 Update: tomcat-9.0.98-1.fc41

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 40 Update: tomcat-9.0.98-1.fc40

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Improper Handling of Exceptional Conditions CVE-2024-34750 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

[SECURITY] Fedora 40 Update: tomcat-9.0.89-1.fc40

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Moderate: mod_jk and mod_proxy_cluster security update

The modjk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors modjk Information Disclosure...

Low: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 14 Security Update

An update is now available for Red Hat JBoss Web Server 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this release as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Debian DSA-4835-1 : tomcat9 - security update

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4835. The text itself is copyright C...

Debian: Security Advisory (DLA-2279-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 9 security update

An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Debian DLA-2133-1 : tomcat7 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update

An update is now available for Red Hat JBoss Web Server 3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update

An update is now available for Red Hat JBoss Web Server 3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Debian Security Advisory DSA 3720-1 (tomcat8 - security update)

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

[SECURITY] Fedora 24 Update: tomcat-8.0.36-2.fc24

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 update

Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Debian: Security Advisory (DSA-3530-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for tomcat RHSA-2015:0983-01

The remote host is missing an update for the Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 update

Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CV...