oval:org.secpod.oval:def:21164
The host is installed with Apache Tomcat 7.x before 7.0.40 and is prone to an unrestricted file upload vulnerability. A flaw is present in the application, which fails to properly handle outdated java.io.File code and a custom JMX configuration. Successful exploitation allows remote attackers to execut ...
oval:org.secpod.oval:def:602335
It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager, as expressions were evaluated within a privileged code section.