
oval:org.secpod.oval:def:1000492
The remote host is missing a patch 152510-08 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:2103261
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ...

oval:org.secpod.oval:def:89043732
This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with supplementary characters could have led to an infinite loop in the decoder causing a Denial of Service. - CVE-2018-8034: The host name verif ...

oval:org.secpod.oval:def:2501013
The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System.

oval:org.secpod.oval:def:1000565
The remote host is missing a patch 152511-08 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:1600909
The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:1600906
The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:2103427
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to "/foo/" when the user requested "/foo") a specially crafted URL could be used to cause the redirect to be generated to any URI of the at ...

oval:org.secpod.oval:def:87179
The host is installed with Apache Tomcat 9.0.0.M1 through 9.0.9, 7.0.25 through 7.0.88, 8.0.x through 8.0.52 or 8.5.x through 8.5.31 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly perform host name verification. Successful exploitation allo ...

oval:org.secpod.oval:def:704166
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:603500
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

oval:org.secpod.oval:def:52061
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:205275
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources * tomcat: Late application of security constraints can lead to resource e ...

oval:org.secpod.oval:def:115028
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:503302
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources * tomcat: Late application of security constraints can lead to resource e ...

oval:org.secpod.oval:def:53404
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

oval:org.secpod.oval:def:1504566
[0:7.0.76-9] - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources - Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Lat ...

oval:org.secpod.oval:def:89977
The remote host is missing a patch 152511-09 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:1900091
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

oval:org.secpod.oval:def:503144
The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Security Fix: * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up * tomcat: Insecure defaults in CORS fi ...

oval:org.secpod.oval:def:1502663
The advisory is missing the security advisory description. For more information please visit the reference link.

oval:org.secpod.oval:def:1700312
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. The URL pattern of "" which exactly maps to the context root was not ...

CWE    1
CWE-295
*CVE
CVE-2018-8034

© SecPod Technologies