Download
| Alert*
|
oval:org.secpod.oval:def:89043920
This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames . - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI ... oval:org.secpod.oval:def:705168 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat 8. oval:org.secpod.oval:def:705179 tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9. oval:org.secpod.oval:def:1902146 The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window clients were able to cause server-side threads to block eventu ... oval:org.secpod.oval:def:58875 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat 8. oval:org.secpod.oval:def:2104522 The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet A ... oval:org.secpod.oval:def:58876 tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9. oval:org.secpod.oval:def:55556 The host is installed with Apache Tomcat versions 9.0.0.M1 to 9.0.19 or 8.5.0 to 8.5.40 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle the issue in HTTP/2 connection. Successful exploitation allows attackers to cause server-side threads ... oval:org.secpod.oval:def:89974 The remote host is missing a patch 152510-09 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:604836 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface. oval:org.secpod.oval:def:63519 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface. oval:org.secpod.oval:def:89043860 This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams . - CVE-2019-12418: Fixed a local privilege escalation by manipulating the ... |
