31 matches found
K24335161: Apache Tomcat vulnerability CVE-2017-12616
Security Advisory Description When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. CVE-2017-12616 Impact There is no...
SUSE CVE-2017-12616
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
GHSA-8QQ4-8JVQ-MFW4 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
Mageia: Security Advisory (MGASA-2017-0352)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-12616
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
Apache Tomcat 7.0.x < 7.0.81 Multiple Vulnerabilities
Binary data 700674.pasl...
Apache Tomcat 7.0.x < 7.0.81 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.81. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability when running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default to false...
Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
Source code disclosure vulnerability in Apache Tomcat VirtualDirContext class file handling Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
tomcat: Information Disclosure when using VirtualDirContext
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
tomcat: Information Disclosure when using VirtualDirContext
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
Debian: Security Advisory (DLA-1108-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)
An information disclosure vulnerability exists in Apache Tomcat. By crafting a malicious request an attacker may view the source code of jsp files for resources...
Debian DLA-1108-1 : tomcat7 security update
The Tomcat security team discovered that when using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. For Debian 7 'Wheezy', these problems have been fixed in...
Apache Tomcat 'VirtualDirContext' Information Disclosure Vulnerability - Linux
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...
Apache Tomcat 'VirtualDirContext' Information Disclosure Vulnerability - Windows
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...
[SECURITY] [DLA 1108-1] tomcat7 security update
Package : tomcat7 Version : 7.0.28-4+deb7u15 CVE ID : CVE-2017-12616 The Tomcat security team discovered that when using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted...
Updated tomcat packages fix security vulnerability
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...
MGASA-2017-0352 Updated tomcat packages fix security vulnerability
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...
Apache Tomcat Information Disclosure Vulnerability (CNVD-2017-27471)
Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems. An information disclosure vulnerability exists in Apache...