| Alert* | Description |
|---|---|
| oval:org.secpod.oval:def:89045458 | This update for Tomcat fixes the following security issues: - CVE-2014-7810: Security manager bypass via EL expressions. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could have used this flaw to bypass securit ... |
| oval:org.secpod.oval:def:25125 | The host is installed with Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58 or 8.x before 8.0.16 and is prone to a security bypass vulnerability. A flaw is present in the Expression Language (EL) implementation, which does not properly consider the possibility of an accessible interface implemente ... |
| oval:org.secpod.oval:def:25788 | tomcat7: Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:702622 | tomcat6: Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:702625 | tomcat7: Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:1501407 | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. This update ... |
| oval:org.secpod.oval:def:602335 | It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. |
| oval:org.secpod.oval:def:52513 | tomcat7: Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:1600343 | A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ... |
| oval:org.secpod.oval:def:1600331 | It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough reques ... |
| oval:org.secpod.oval:def:501791 | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. This updat ... |
| oval:org.secpod.oval:def:1600351 | A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ... |
| oval:org.secpod.oval:def:602436 | Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result in bypass of security manager restrictions, information disclosure, denial of service or session fixation. |
| oval:org.secpod.oval:def:602314 | It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. |
| oval:org.secpod.oval:def:205726 | The advisory is missing the security advisory description. For more information please visit the reference link. |
| oval:org.secpod.oval:def:501880 | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application de ... |
| oval:org.secpod.oval:def:204023 | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application de ... |
| oval:org.secpod.oval:def:1501600 | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ... |