oval:org.secpod.oval:def:1600798
tomcat80 is installed

oval:org.secpod.oval:def:1600906
The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:1600856
Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. ...

oval:org.secpod.oval:def:1600797
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution