
oval:org.secpod.oval:def:93317
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2022-42252: Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a reques ...

oval:org.secpod.oval:def:88224
The host is installed with Apache Tomcat 11.0.0-M1 through 11.0.0-M2, 10.1.0-M1 through 10.1.5, 9.0.0.M1 through 9.0.71 or 8.5.0 through 8.5.85 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the RemoteIpFilter with reques ...

oval:org.secpod.oval:def:508075
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: Apache Commons FileUpload: FileUpload DoS with excessive parts; tomcat: not including the secure attribute causes information disclosure; tomcat: Fix for CVE-2023-24998 was incomplete. For mor ...

oval:org.secpod.oval:def:2108009
Oracle Solaris 11 - ( CVE-2023-24998 )

oval:org.secpod.oval:def:1701708
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ...

oval:org.secpod.oval:def:2600384
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies.

oval:org.secpod.oval:def:1601686
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections ...

oval:org.secpod.oval:def:508113
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: Apache Commons FileUpload: FileUpload DoS with excessive parts; tomcat: not including the secure attribute causes information disclosure; tomcat: Fix for CVE-2023-24998 was incomplete. For mor ...

oval:org.secpod.oval:def:2501243
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies.

oval:org.secpod.oval:def:1701301
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribut ...

oval:org.secpod.oval:def:1701752
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ...

oval:org.secpod.oval:def:89048536
This update for tomcat fixes the following issues:
* CVE-2023-28708: Fixed information disclosure by not including the secure attribute.

oval:org.secpod.oval:def:89048635
This update for tomcat fixes the following issues:
* CVE-2023-28708: Fixed information disclosure by not including the secure attribute.
* CVE-2023-24998: Fixed FileUpload denial-of-service with excessive parts.

oval:org.secpod.oval:def:610505
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2022-42252: Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a reques ...

oval:org.secpod.oval:def:89048673
This update for tomcat fixes the following issues:
* CVE-2023-28708: Fixed information disclosure by not including the secure attribute.

oval:org.secpod.oval:def:19500090
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections ...

CPE (1): cpe:/a:apache:tomcat
CWE (1): CWE-523
CVE: CVE-2023-28708

© SecPod Technologies