| OVAL ID | Alert* |
| --- | --- |
| oval:org.secpod.oval:def:89000030 | This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability. - CVE-2020-13935: Fixed a WebSocket DoS. |
| oval:org.secpod.oval:def:1601176 | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of ser ... |
| oval:org.secpod.oval:def:705571 | tomcat8: Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:66719 | Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service. |
| oval:org.secpod.oval:def:89043759 | This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 * CVE-2020-13935 |
| oval:org.secpod.oval:def:1504043 | [0:7.0.76-15] - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [0:7.0.76-14] - Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127 - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execu ... |
| oval:org.secpod.oval:def:89000061 | This update for tomcat fixes the following issues: - Fixed CVEs: CVE-2020-13934 CVE-2020-13935 |
| oval:org.secpod.oval:def:205653 | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS * tomcat: session fixation when using FORM authentication For more details about the security i ... |
| oval:org.secpod.oval:def:89979 | The remote host is missing a patch 152511-11 containing a security fix. For more information please visit the reference link. |
| oval:org.secpod.oval:def:67443 | The host is installed with Oracle Database Server 12.2.0.1, 18c or 19c and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the Workload Manager issue. Successful exploitation allows unauthorized ability to cause a hang or frequently repeatab ... |
| oval:org.secpod.oval:def:89976 | The remote host is missing a patch 152510-11 containing a security fix. For more information please visit the reference link. |
| oval:org.secpod.oval:def:67432 | The host is installed with Oracle Database Server 12.2.0.1, 18c or 19c and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the Workload Manager issue. Successful exploitation allows unauthorized ability to cause a hang or frequently repeatab ... |
| oval:org.secpod.oval:def:604923 | Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service. |
| oval:org.secpod.oval:def:504300 | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS * tomcat: session fixation when using FORM authentication For more details about the security i ... |
| oval:org.secpod.oval:def:705709 | tomcat9: Apache Tomcat 9 - Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:1701318 | A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... |
| oval:org.secpod.oval:def:67063 | tomcat8: Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:67188 | tomcat9: Apache Tomcat 9 - Servlet and JSP engine. Several security issues were fixed in Tomcat. |
| oval:org.secpod.oval:def:1701708 | A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... |
| oval:org.secpod.oval:def:1701752 | A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ... |
| oval:org.secpod.oval:def:64669 | The host is installed with Apache Tomcat 10.x before 10.0.0-M7, 9.x before 9.0.37, 7.0.27 before 7.0.105 or 8.5.x before 8.5.57 or Oracle Database Server 12.2.0.1, 18c or 19c and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle incorrect ... |