Download
| Alert*
oval:org.secpod.oval:def:1601470
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65 oval:org.secpod.oval:def:78377 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in denial of service. oval:org.secpod.oval:def:89045755 This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in JNDI Realm queries . - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients . - CVE-2021-41079: Fixed a denial of service caused by an unexpected ... oval:org.secpod.oval:def:89045787 This update for tomcat fixes the following issues: - CVE-2021-30640: Escape parameters in JNDI Realm queries . - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients . - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet . oval:org.secpod.oval:def:89045797 This update for tomcat fixes the following issues: - CVE-2021-30640: Escape parameters in JNDI Realm queries . - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients . - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet . oval:org.secpod.oval:def:86450 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:74769 The host is installed with Apache Tomcat 10.0.0-M1 through 10.0.5, 9.0.0.M1 through 9.0.45 ,8.5.0 through 8.5.65 or 7.0.0 through 7.0.108 and is prone to an improperauthentication vulnerability. A flaw is present in application, which fails to properly handle issues in JNDI Realm of Apache Tomcat. S ... oval:org.secpod.oval:def:605907 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in denial of service. oval:org.secpod.oval:def:706379 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:2107016 Oracle Solaris 11 - ( CVE-2021-30640 ) oval:org.secpod.oval:def:74575 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name. oval:org.secpod.oval:def:1701676 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. Apache Tomcat ... oval:org.secpod.oval:def:605596 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name. oval:org.secpod.oval:def:89979 The remote host is missing a patch 152511-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89976 The remote host is missing a patch 152510-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1702109 Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue |