Download
| Alert*
oval:org.secpod.oval:def:508075
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: Apache Commons FileUpload: FileUpload DoS with excessive parts tomcat: not including the secure attribute causes information disclosure tomcat: Fix for CVE-2023-24998 was incomplete For mor ... oval:org.secpod.oval:def:1601693 Tomcat: Memory leak Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option ... oval:org.secpod.oval:def:2108009 Oracle Solaris 11 - ( CVE-2023-24998 ) oval:org.secpod.oval:def:508113 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: Apache Commons FileUpload: FileUpload DoS with excessive parts tomcat: not including the secure attribute causes information disclosure tomcat: Fix for CVE-2023-24998 was incomplete For mor ... oval:org.secpod.oval:def:2501243 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. oval:org.secpod.oval:def:89048934 This update for apache-commons-fileupload fixes the following issues: Updated to version 1.5: \- CVE-2023-24998: Added a configurable maximum number of files to upload per request . oval:org.secpod.oval:def:87708 The host is installed with Apache Tomcat 11.0.0-M1, 10.1.0-M1 through 10.1.4, 9.0.0.M1 through 9.0.70 or 8.5.0 through 8.5.84 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the file upload functionality. Successful exploitation ... oval:org.secpod.oval:def:89048635 This update for tomcat fixes the following issues: * CVE-2023-28708: Fixed information disclosure by not including the secure attribute . * CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts . oval:org.secpod.oval:def:1601827 Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option is not enabled by de ... oval:org.secpod.oval:def:89048952 This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:89048951 This update for tomcat fixes the following issues: Updated to version 9.0.75: \- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:1702233 Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.Note that, like all of the file upload limits, the new configuration option is not enabled by def ... oval:org.secpod.oval:def:89048596 This update for tomcat fixes the following issues: * CVE-2023-24998: Fixed FileUpload DoS with excessive parts . oval:org.secpod.oval:def:89048651 This update for jakarta-commons-fileupload fixes the following issues: * CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service . * CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts . oval:org.secpod.oval:def:89048552 This update for tomcat fixes the following issues: * CVE-2023-24998: Fixed FileUpload DoS with excessive parts . oval:org.secpod.oval:def:612725 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998 Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, the ... oval:org.secpod.oval:def:1701708 A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... oval:org.secpod.oval:def:2600384 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. oval:org.secpod.oval:def:89048916 This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:1701752 A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... oval:org.secpod.oval:def:89048921 This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:95230 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998 Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, the ... oval:org.secpod.oval:def:89048541 This update for tomcat fixes the following issues: * CVE-2023-24998: Fixed FileUpload DoS with excessive parts . oval:org.secpod.oval:def:89048682 This update for jakarta-commons-fileupload fixes the following issues: * CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service . * CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts . |