Download
| Alert*
oval:org.secpod.oval:def:54292
The host is installed with Apache Tomcat versions 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 or 7.0.0 to 7.0.93 and is prone to a remote code execution vulnerability. A flaw is present in the application which fails to handle the issue in CGI servlet. Successful exploitation allows a remote attacker to exe ... oval:org.secpod.oval:def:1601005 When the default servlet in Apache Tomcat returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat is vulnerable to ... |