oval:org.secpod.oval:def:89044130
This update for tomcat fixes the following issues:
- CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system.
- CVE-2021-25122: Apache Tomcat h2c request mix-up
- CVE-2021-25329: Complete fix for CVE-2020-9484

oval:org.secpod.oval:def:89044122
This update for tomcat fixes the following issues:
- CVE-2021-25122: Apache Tomcat h2c request mix-up
- CVE-2021-25329: Complete fix for CVE-2020-9484

oval:org.secpod.oval:def:89044118
This update for tomcat fixes the following issues:
- Fixed CVEs:
  * CVE-2021-25122: Apache Tomcat h2c request mix-up
  * CVE-2021-25329: Complete fix for CVE-2020-9484
- Log if file access is blocked due to symlinks: CVE-2021-24122

oval:org.secpod.oval:def:71235
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service.

oval:org.secpod.oval:def:86450
tomcat9: Apache Tomcat 9 - Servlet and JSP engine
Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:1601428
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ...

oval:org.secpod.oval:def:706379
tomcat9: Apache Tomcat 9 - Servlet and JSP engine
Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:2106644
Oracle Solaris 11 - (CVE-2021-25122)

oval:org.secpod.oval:def:74768
The host is installed with Apache Tomcat 10.0.0-M1 through 10.0.0, 9.0.0.M1 through 9.0.41 or 8.5.0 through 8.5.61 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle new h2c connection requests. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:605490
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service.

oval:org.secpod.oval:def:1701732
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ...

oval:org.secpod.oval:def:89979
The remote host is missing a patch 152511-11 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:89976
The remote host is missing a patch 152510-11 containing a security fix. For more information please visit the reference link.