Download
| Alert*
|
oval:org.secpod.oval:def:89045458
This update for Tomcat fixes the following security issues: - CVE-2014-7810: Security manager bypass via EL expressions. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could have used this flaw to bypass securit ... oval:org.secpod.oval:def:25126 The host is installed with Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55 or 8.x before 8.0.9 and is prone to a denial of service vulnerability. A flaw is present in application, which does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request ... oval:org.secpod.oval:def:702622 tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:702625 tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:602335 It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. oval:org.secpod.oval:def:52513 tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:1600331 It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough reques ... oval:org.secpod.oval:def:602436 Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation. oval:org.secpod.oval:def:204119 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ... oval:org.secpod.oval:def:501905 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ... |
