Download
| Alert*
|
oval:org.secpod.oval:def:400438
This update fixes a regression in parameter passing . In addition, multiple weaknesses in HTTP DIGESTS are fixed . CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before 7.0.12 does not check qop values, which might ... oval:org.secpod.oval:def:202865 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which ... oval:org.secpod.oval:def:1503298 Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:600727 Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written ... oval:org.secpod.oval:def:500262 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which ... oval:org.secpod.oval:def:201618 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host"s work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web applica ... oval:org.secpod.oval:def:3749 The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle Catalina in HTTP Digest Access Authentication implementation. Successful exploita ... oval:org.secpod.oval:def:500251 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host"s work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web applica ... oval:org.secpod.oval:def:200431 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host"s work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web applica ... |
