Download
| Alert*
oval:org.secpod.oval:def:1000492
The remote host is missing a patch 152510-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2103261 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ... oval:org.secpod.oval:def:87180 The host is installed with Apache Tomcat 9.0.0.M9 through 9.0.9, 8.5.x through 8.5.31 and is prone to an information disclosure vulnerability. A flaw is present in application, which fails to properly handle async requests. Successful exploitation could result in a user seeing a response intended fo ... oval:org.secpod.oval:def:89043732 This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service . - CVE-2018-8034: The host name verif ... oval:org.secpod.oval:def:2501013 The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. oval:org.secpod.oval:def:1000565 The remote host is missing a patch 152511-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1600909 The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ... oval:org.secpod.oval:def:603500 Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak. oval:org.secpod.oval:def:115028 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ... oval:org.secpod.oval:def:53404 Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak. oval:org.secpod.oval:def:89977 The remote host is missing a patch 152511-09 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:503144 The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Security Fix: * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up * tomcat: Insecure defaults in CORS fi ... oval:org.secpod.oval:def:1502663 The advisory is missing the security advisory description. For more information please visit the reference link |