41 matches found
Apache Commons FileUpload and Apache Tomcat Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Commons FileUpload and Apache Tomcat DoS', 'Description' => %q{ This module triggers an infinite loop in Apache Commons FileUpload 1.0 throu...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: ko, flux-kustomize-controller, ollama, metacontroller, dynamic-localpv-provisioner, kots, prometheus-adapter, slsa-verifier, hey, nodetaint, fuse-overlayfs-snapshotter, node-problem-detector, nghttp2, secrets-store-csi-driver, nats, envoy-ratelimit, weaviate,...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
vuln4japi A vulnerable Java based REST API for demonstrating C...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell...
Solaris 10 (sparc) : 152510-11
SunOS 5.10: Tomcat 8 patch. Date this patch was last updated by Sun : Oct/18/21 #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description)...
Solaris 10 (x86) : 152511-11
SunOS 5.10_x86: Tomcat 8 patch. Date this patch was last updated by Sun : Oct/18/21 #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description)...
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-2489)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass som...
Debian DLA-2407-1 : tomcat8 security update
It was discovered that there was an issue in Apache Tomcat 8, the Java application server. An excessive number of concurrent streams could have resulted in users seeing responses for unexpected resources. For Debian 9 'Stretch', this problem has been fixed in version 8.5.54-0+deb9u4. We recommend...
Debian: Security Advisory (DLA-2407-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Important: tomcat8
Issue Overview: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead...
Solaris 10 (sparc) : 152510-10
SunOS 5.10: Tomcat 8 patch. Date this patch was last updated by Sun : Jul/13/20 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(138424); script_version("1.1");...
Solaris 10 (x86) : 152511-10
SunOS 5.10_x86: Tomcat 8 patch. Date this patch was last updated by Sun : Jul/13/20 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(138430); script_version("1.1");...
Solaris 10 (sparc) : 152510-09
SunOS 5.10: Tomcat 8 patch. Date this patch was last updated by Sun : Apr/13/20 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(135438); script_version("1.1");...
Solaris 10 (x86) : 152511-09
SunOS 5.10_x86: Tomcat 8 patch. Date this patch was last updated by Sun : Apr/13/20 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(135444); script_version("1.1");...
Ubuntu 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-4128-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4128-1 advisory. It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this...
USN-4128-1: Tomcat vulnerabilities
It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing...
Solaris 10 (sparc) : 152510-08
SunOS 5.10: Tomcat 8 patch. Date this patch was last updated by Sun : Jul/15/19 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(126722); script_version("1.2"); script_cvs_date("Date:...
Design/Logic Flaw
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...
CVE-2018-1336
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...
Solaris 10 (sparc) : 152510-07
SunOS 5.10: Tomcat 8 patch. Date this patch was last updated by Sun : Apr/16/18 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(109075); script_version("1.3"); script_cvs_date("Date:...