Download
| Alert*
oval:org.secpod.oval:def:40406
The host is installed with Apache Tomcat 7.x before 7.0.76, 8.x before 8.0.42, 8.5.x before 8.5.12 or 9.x before 9.0.0.M18 and is prone to an information disclosure vulnerability. A flaw is present in the Application, which did not use the appropriate facade object. Successful exploitation allows un ... oval:org.secpod.oval:def:89044827 This update for tomcat fixes the following issues: - CVE-2017-5647 Pipelined requests could lead to information disclosure - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure - CVE-2016-8745 shared Processor on Connector code could lead to information disc ... oval:org.secpod.oval:def:2100864 A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This c ... oval:org.secpod.oval:def:204545 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the remova ... oval:org.secpod.oval:def:112317 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ... oval:org.secpod.oval:def:602868 Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine. CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648 Some application listeners calls were issued against the wrong objects ... oval:org.secpod.oval:def:112319 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ... oval:org.secpod.oval:def:1501935 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600690 Incorrect handling of pipelined requests when send file was usedA bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost whe ... oval:org.secpod.oval:def:502071 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the remova ... oval:org.secpod.oval:def:1600750 Security constrained bypass in error page mechanism:While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untr ... oval:org.secpod.oval:def:602869 Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine. CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648 Some application listeners calls were issued against the wrong objects ... oval:org.secpod.oval:def:51964 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:703934 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. |