Download
| Alert*
|
oval:org.secpod.oval:def:604658
Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects. oval:org.secpod.oval:def:89000430 This update for tomcat fixes the following issues: CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code ... oval:org.secpod.oval:def:705353 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:2105434 Oracle Solaris 11 - ( CVE-2019-12418 ) oval:org.secpod.oval:def:60206 The host is installed with Apache Tomcat 9.x before 9.0.29, 7.x before 7.0.99 or 8.5.x before 8.5.49 and is prone to a local privilege escalation vulnerability. A flaw is present in application, which fails to properly handle an issue in Tomcat's JmxRemoteLifecycleListener. Successful exploitation a ... oval:org.secpod.oval:def:2005276 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user nam ... oval:org.secpod.oval:def:1601093 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user nam ... oval:org.secpod.oval:def:61793 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:89000364 This update for tomcat6 fixes the following issues: CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code ... oval:org.secpod.oval:def:61484 Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects. oval:org.secpod.oval:def:89974 The remote host is missing a patch 152510-09 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:604836 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface. oval:org.secpod.oval:def:89043860 This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams . - CVE-2019-12418: Fixed a local privilege escalation by manipulating the ... oval:org.secpod.oval:def:63519 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface. oval:org.secpod.oval:def:1701318 A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... oval:org.secpod.oval:def:1701708 A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... oval:org.secpod.oval:def:1701752 A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... |
