
oval:org.secpod.oval:def:8085
The host is installed with Apache Tomcat through 7.0.x and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle partial HTTP requests. Successful exploitation allows remote attackers to cause a denial of service (daemon outage).

oval:org.secpod.oval:def:7942
The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly check for stale nonce values in conjunction with enforcement of proper credentials in the ...

oval:org.secpod.oval:def:7943
The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle cached information in the HTTP Digest Access Authentication implementation. Succes ...

oval:org.secpod.oval:def:1556
The host is installed with Apache Tomcat version 7.0.0 through 7.0.19, 6.0.0 through 6.0.33 and 5.5.0 through 5.5.34 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle the HTTP APR or HTTP NIO connector when sendfile is enabled. Successful e ...

oval:org.secpod.oval:def:606
The host is installed with Apache Tomcat and is prone to multiple cross-site scripting vulnerabilities. Flaws are present in the HTML Manager Interface, which fails to properly validate user-supplied input before using it in dynamically generated content. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:605
The host is installed with Apache Tomcat and is prone to a security bypass vulnerability. A flaw is present in SecurityManager, which fails to make the ServletContext attribute read-only, thus allowing local web applications to read or write files outside the intended working directory. Successful exploita ...

oval:org.secpod.oval:def:20822
The host is installed with Apache Tomcat 5.5.10 through 5.5.20 and is prone to an array index out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a certain error condition. Successful exploitation can cause Tomcat to send POST content from one request to a different re ...

oval:org.secpod.oval:def:203391
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to de ...

oval:org.secpod.oval:def:203350
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat ...

oval:org.secpod.oval:def:203313
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encodin ...

oval:org.secpod.oval:def:2277
The host is installed with Apache Tomcat 7.0.0 through 7.0.20, or 6.0.0 through 6.0.33 or 5.5.0 through 5.5.33 and is prone to a security bypass vulnerability. A flaw is present in the application, which is caused by the improper handling of messages by the AJP protocol. Successful exploitation allows ...

oval:org.secpod.oval:def:500262
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which ...

oval:org.secpod.oval:def:600727
Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written ...

oval:org.secpod.oval:def:1518
The host is installed with Apache Tomcat and is prone to an information disclosure vulnerability. A flaw is present in the application, which stores passwords in log files if errors are encountered during JMX user creation. Successful exploitation could allow an attacker to read log files and obtain ...

oval:org.secpod.oval:def:600186
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory. CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting. CVE-2011-0534 I ...

oval:org.secpod.oval:def:20831
The host is installed with Apache Tomcat 5.5.0 through 5.5.29 or 6.0.0 through 6.0.26 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. Successful e ...

oval:org.secpod.oval:def:20823
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle .. (dot dot) sequences and the WEB-INF directory in a request. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:20824
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted request with invalid headers, related to temporary blocking of connectors that have encountered erro ...

oval:org.secpod.oval:def:20827
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle a crafted application. Successful exploitation allows remote attackers to read or modify the (1) web.xml, (2) cont ...

oval:org.secpod.oval:def:20825
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle error checking in some authentication classes. Successful exploitation allows remote attackers to enumerate ...

oval:org.secpod.oval:def:20826
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle the time parameter. Successful exploitation allows remote attackers to inject arbitrary web script or HTML v ...

oval:org.secpod.oval:def:20830
The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. Successful expl ...

oval:org.secpod.oval:def:20829
The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle HTTP requests. Successful exploitation allows remote attackers to bypass intended authentication requirements.

oval:org.secpod.oval:def:7988
The host is installed with Apache Tomcat 6.0.0 through 6.0.20 or 5.5.0 through 5.5.28 and is prone to an insecure default administrative password vulnerability. A flaw is present in the application, where the Windows installer creates a blank password by default for the administrative user. Successful ...

oval:org.secpod.oval:def:20820
The host is installed with Apache Tomcat 5.5.0 through 5.5.26 or 6.0.0 through 6.0.16 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a .. (dot dot) in a request parameter. Successful exploitation allows remote attackers to conduct director ...

oval:org.secpod.oval:def:20818
The host is installed with Apache Tomcat 5.5.0 through 5.5.26 or 6.0.0 through 6.0.16 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle the cookie in an https session. Successful exploitation allows remote attackers to inject arbitrary ...

oval:org.secpod.oval:def:20819
The host is installed with Apache Tomcat 5.5.0 through 5.5.26 or 6.0.0 through 6.0.16 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle the name parameter to host-manager/html/add. Successful exploitation allows remote attackers to inj ...

oval:org.secpod.oval:def:1500647
It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on the Tomcat server by sending a specially crafted request to that server. It was found that whe ...

oval:org.secpod.oval:def:1500608
Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:1500676
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could ...

oval:org.secpod.oval:def:1500678
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnera ...

oval:org.secpod.oval:def:1500571
Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:501323
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on ...

oval:org.secpod.oval:def:3749
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle Catalina in the HTTP Digest Access Authentication implementation. Successful exploita ...

oval:org.secpod.oval:def:3938
The host is installed with Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses an inefficient approach for handling parameters. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:3750
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to check realm values. Successful exploitation allows remote attackers to bypass intended access res ...

oval:org.secpod.oval:def:3751
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to check qop values. Successful exploitation allows remote attackers to bypass intended integrity-pr ...

oval:org.secpod.oval:def:20832
The host is installed with Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.26 or 7.0.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted header. Successful exploitation allows remote attackers to cause a denial of service (appli ...

oval:org.secpod.oval:def:20828
The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a .. (dot dot) in an entry in a WAR file. Successful exploitation allows remote attackers to create or ove ...

oval:org.secpod.oval:def:3752
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not have the expected countermeasures against replay attacks. Successful exploitation allows remote a ...

oval:org.secpod.oval:def:107624
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:601073
Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. CVE-2013-2067 The FormAuthenticator module was vulnerable ...

oval:org.secpod.oval:def:7944
The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the replay-countermeasure functionality in the HTTP Digest Access Authentication i ...

oval:org.secpod.oval:def:1500116
Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:20835
The host is installed with Apache Tomcat 6.0.x before 6.0.39, 7.x before 7.0.47 or 8.x before 8.0.0-RC3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle certain inconsistent HTTP request headers. Successful exploitation allows ...

oval:org.secpod.oval:def:501360
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to de ...

oval:org.secpod.oval:def:20836
The host is installed with Apache Tomcat 6.0.x before 6.0.39, 7.x before 7.0.50 or 8.x before 8.0.0-RC10 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle (1) a large total amount of chunked data or (2) whitespace characters in an H ...

oval:org.secpod.oval:def:20837
The host is installed with Apache Tomcat 6.0.x before 6.0.39, 7.x before 7.0.50 or 8.x before 8.0.0-RC10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an untrusted web application. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:501332
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat ...

oval:org.secpod.oval:def:602436
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result in bypass of security manager restrictions, information disclosure, denial of service or session fixation.

oval:org.secpod.oval:def:1501959
The advisory is missing the security advisory description. For more information, please visit the reference link.

CVE    43
CVE-2007-0450
CVE-2007-2450
CVE-2007-2449
CVE-2007-3382
...
*CPE
cpe:/a:apache:tomcat:5.5.19

© SecPod Technologies