Lucene search
K
OracleManaged File Transfer

15 matches found

CVE
CVE
added 2020/05/20 6:26 p.m.1512 views

CVE-2020-9484

CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...

7CVSS7.5AI score0.56636EPSS
CVE
CVE
added 2021/12/18 11:55 a.m.1185 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2020/07/14 3:0 p.m.974 views

CVE-2020-13935

CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...

7.5CVSS7.5AI score0.87553EPSS
CVE
CVE
added 2021/03/01 12:0 p.m.955 views

CVE-2021-25329

The CVE-2021-25329 entry is tied to an incomplete fix for CVE-2020-9484 in Apache Tomcat. In affected releases (Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107) a configuration edge case that was deemed highly unlikely could leave the Tomcat instance vulnerab...

7CVSS7.3AI score0.09491EPSS
CVE
CVE
added 2021/03/01 12:0 p.m.924 views

CVE-2021-25122

CVE-2021-25122 affects Apache Tomcat across multiple lines: 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61. The issue allows duplicating request headers and a limited amount of request body from one request to another, enabling cross-user visibility of results (information disclosur...

7.5CVSS6.9AI score0.18114EPSS
CVE
CVE
added 2020/07/14 2:59 p.m.626 views

CVE-2020-13934

CVE-2020-13934 affects multiple Apache Tomcat releases (8.5.1–8.5.56, 9.0.x, 10.0.x up to M6) where an h2c direct connection didn’t release the HTTP/1.1 processor after upgrading to HTTP/2, potentially causing OutOfMemoryError and denial of service. Public advisories across vendors and distributi...

7.5CVSS7.3AI score0.64124EPSS
CVE
CVE
added 2021/07/12 2:55 p.m.607 views

CVE-2021-33037

CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...

5.3CVSS6.1AI score0.75353EPSS
CVE
CVE
added 2021/10/14 7:55 p.m.481 views

CVE-2021-42340

The CVE-2021-42340 issue is a memory leak in Apache Tomcat caused by the upgrade HTTP metric collector not releasing WebSocket resources after close. Affected versions include Tomcat 8.5.60–8.5.71, 9.0.40–9.0.53, 10.0.0-M1–10.0.11, and 10.1.0-M1–10.1.0-M5. Over time, this leak can lead to OutOfMe...

7.5CVSS6.7AI score0.10997EPSS
CVE
CVE
added 2022/01/27 12:0 a.m.440 views

CVE-2022-23181

CVE-2022-23181 is a TOCTTOU vulnerability introduced by the fix for CVE-2020-9484 in Apache Tomcat when the server persists sessions using FileStore. It is exploitable by a local attacker who can perform actions with the Tomcat process user privileges. Affected ranges (per the sources) include To...

7CVSS7.2AI score0.00692EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.358 views

CVE-2018-1305

Apache Tomcat contains CVE-2018-1305, where security constraints defined by Servlet annotations were only applied after a Servlet load, potentially allowing unauthorized access to resources depending on the order of loading. Affected releases span 7.0.0–7.0.84, 8.0.0.RC1–8.0.49, 8.5.0–8.5.27, and...

6.5CVSS6.3AI score0.14737EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.294 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2018/07/09 8:0 p.m.283 views

CVE-2018-1000613

CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...

9.8CVSS8.6AI score0.04767EPSS
CVE
CVE
added 2018/06/05 1:0 p.m.213 views

CVE-2018-1000180

CVE-2018-1000180 affects Bouncy Castle BC 1.54–1.59 (and BC-FJA 1.0.0/1.0.1) with a flaw in the Low-level RSA key pair generator interface that may produce RSA key pairs with fewer Miller–Rabin primality tests than expected. IBM vulnerability bulletins associate this CVE with IBM products (e.g., ...

7.5CVSS7.1AI score0.03592EPSS
CVE
CVE
added 2019/10/08 1:39 p.m.196 views

CVE-2019-17359

The CVE-2019-17359 entry concerns Bouncy Castle Crypto (BC Java) 1.63. The vulnerability lies in the ASN.1 parser, which can trigger a large memory allocation leading to a memory exhaustion/OutOfMemoryError via crafted ASN.1 data. Affected product: BC Java 1.63; fixed in BC Java 1.64. The issue i...

7.5CVSS8.1AI score0.08878EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.55 views

CVE-2019-2538

CVE-2019-2538 is a vulnerability in the Oracle Managed File Transfer (MFT Runtime Server) component of Oracle Fusion Middleware . Affected versions are 19.1.0.0.0 and 12.2.1.3.0 . The issue allows a low-privileged attacker who can access the service over the network via HTTP to compromise MFT, po...

7.1CVSS6.2AI score0.0112EPSS