Download
| Alert*
oval:org.secpod.oval:def:508075
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: Apache Commons FileUpload: FileUpload DoS with excessive parts tomcat: not including the secure attribute causes information disclosure tomcat: Fix for CVE-2023-24998 was incomplete For mor ... oval:org.secpod.oval:def:2108009 Oracle Solaris 11 - ( CVE-2023-24998 ) oval:org.secpod.oval:def:19500293 The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted tha ... oval:org.secpod.oval:def:2600384 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. oval:org.secpod.oval:def:95375 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-28709 Denial of Service. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exac ... oval:org.secpod.oval:def:90287 The host is installed with Apache Tomcat 11.0.0-M1 through 11.0.0-M4, 10.1.5 through 10.1.7, 9.0.71 through 9.0.73 or 8.5.85 through 8.5.87 or Atlassian Confluence Server 7.13.15 before 7.13.19, 7.19.7 before 7.19.11 or 8.1.1 before 8.4.1 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:1601741 The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted tha ... oval:org.secpod.oval:def:91664 Oracle Solaris 11 - ( CVE-2023-24998 ) oval:org.secpod.oval:def:508113 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: Apache Commons FileUpload: FileUpload DoS with excessive parts tomcat: not including the secure attribute causes information disclosure tomcat: Fix for CVE-2023-24998 was incomplete For mor ... oval:org.secpod.oval:def:89048916 This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:92147 The host is installed with Atlassian Confluence Server 7.13.15 before 7.13.19, 7.19.7 before 7.19.11, or 8.1.1 before 8.4.1 and and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the maxParameterCount parameters in the query string ... oval:org.secpod.oval:def:2501243 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. oval:org.secpod.oval:def:1701710 The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted tha ... oval:org.secpod.oval:def:612724 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-28709 Denial of Service. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exac ... oval:org.secpod.oval:def:89048921 This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:1701757 The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted tha ... oval:org.secpod.oval:def:89048952 This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:89048951 This update for tomcat fixes the following issues: Updated to version 9.0.75: \- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:1702233 Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.Note that, like all of the file upload limits, the new configuration option is not enabled by def ... |