oval:org.secpod.oval:def:116796 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...
oval:org.secpod.oval:def:1601025 The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were ab ...
oval:org.secpod.oval:def:89043920 This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames. - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI ...
oval:org.secpod.oval:def:1000492 The remote host is missing a patch 152510-08 containing a security fix. For more information please visit the reference link.
oval:org.secpod.oval:def:1601005 When the default servlet in Apache Tomcat returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat is vulnerable to ...
oval:org.secpod.oval:def:1000565 The remote host is missing a patch 152511-08 containing a security fix. For more information please visit the reference link.
oval:org.secpod.oval:def:53946 The host is installed with Apache Tomcat versions 9.0.0.M1 to 9.0.14 or 8.5.0 to 8.5.37 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle the issue during the HTTP/2 implementation. Successful exploitation allows attackers to cause server-s ...
oval:org.secpod.oval:def:89977 The remote host is missing a patch 152511-09 containing a security fix. For more information please visit the reference link.
oval:org.secpod.oval:def:705179 tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9.
oval:org.secpod.oval:def:705168 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat 8.
oval:org.secpod.oval:def:58875 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat 8.
oval:org.secpod.oval:def:58876 tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9.
oval:org.secpod.oval:def:2104522 The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet A ...
oval:org.secpod.oval:def:1901765 [HTTP/2 DoS]
oval:org.secpod.oval:def:604658 Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.
oval:org.secpod.oval:def:89974 The remote host is missing a patch 152510-09 containing a security fix. For more information please visit the reference link.
oval:org.secpod.oval:def:61484 Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.