[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:25125
The host is installed with Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58 or 8.x before 8.0.16 and is prone to a security bypass vulnerability. A flaw is present in the Expression Language (EL) implementation, which does not properly consider the possibility of an accessible interface implemente ...

oval:org.secpod.oval:def:25126
The host is installed with Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55 or 8.x before 8.0.9 and is prone to a denial of service vulnerability. A flaw is present in application, which does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request ...

oval:org.secpod.oval:def:7987
The host is installed with Apache Tomcat 6.x before 6.0.36 or 7.x before 7.0.28 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly restrict the request-header size. Successful exploitation allows remote attackers to cause a denial of servic ...

oval:org.secpod.oval:def:33125
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65 or 8.x before 8.0.27 and is prone to a directory traversal vulnerability. A flaw is present in RequestUtil.java, which fails to handle a /.. (slash dot dot) in a pathname used by a web application in a getResource, getReso ...

oval:org.secpod.oval:def:832
The host is installed with Apache Tomcat and is prone to cross-site scripting vulnerability. A flaw is present in the default configuration, which fails to set httpOnly flag in the Set-Cookie header. Successful exploitation allow remote attacker to hijack a session via script access to a cookie.

oval:org.secpod.oval:def:8085
The host is installed with Apache Tomcat through 7.0.x and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle the partial HTTP requests. Successful exploitation allows remote attackers to cause a denial of service (daemon outage).

oval:org.secpod.oval:def:203393
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag lib ...

oval:org.secpod.oval:def:7942
The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly check for stale nonce values in conjunction with enforcement of proper credentials in the ...

oval:org.secpod.oval:def:7943
The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle caches information in the HTTP Digest Access Authentication implementation. Succes ...

oval:org.secpod.oval:def:8234
The host is installed with Apache Tomcat 6.x before 6.0.36 or 7.x before 7.0.28 and is prone to denial of service vulnerability. A flaw is present in the application, which is caused when the NIO connector is used in conjunction with sendfile and HTTPS. Successful exploitation allows remote attacker ...

oval:org.secpod.oval:def:8235
The host is installed with Apache Tomcat 6.x before 6.0.36 or 7.x before 7.0.32 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle a request that lacks a session identifier. Successful exploitation allows remote attackers to bypass the cross-si ...

oval:org.secpod.oval:def:1556
The host is installed with Apache Tomcat version 7.0.0 through 7.0.19, 6.0.0 through 6.0.33 and 5.5.0 through 5.5.34 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to handle HTTP APR or HTTP NIO connector when sendfile is enabled. Successful e ...

oval:org.secpod.oval:def:606
The host is installed with Apache Tomcat and is prone to multiple cross site scripting vulnerabilities. Flaws are present in the HTML Manager Interface, which fails to properly validate user supplied input before using it in dynamically generated content. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:605
The host is installed with Apache Tomcat and is prone to security bypass vulnerability. A flaw is present in SecurityManager, which fails to make ServletContect attribute read-only thus allowing local web applications to read or write files outside the intended working directory. Successful exploita ...

oval:org.secpod.oval:def:203391
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to de ...

oval:org.secpod.oval:def:203313
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encodin ...

oval:org.secpod.oval:def:600727
Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written ...

oval:org.secpod.oval:def:2277
The host is installed with Apache Tomcat 7.0.0 through 7.0.20, or 6.0.0 through 6.0.33 or 5.5.0 through 5.5.33 and is prone to security bypass vulnerability. A flaw is present in the application which is caused by the improper handling of messages by the AJP protocol. Successful exploitation allows ...

oval:org.secpod.oval:def:500262
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which ...

oval:org.secpod.oval:def:1518
The host is installed with Apache Tomcat and is prone to an information disclosure vulnerability. A flaw is present in the application, which stores passwords in log files if errors are encountered during JMX user creation. Successful exploitation could allow an attacker to read log files and obtain ...

oval:org.secpod.oval:def:604
The host is installed with Apache Tomcat and is prone to denial of service vulnerability. A flaw is present in the application which is caused by an error in the NIO connector when processing a request line. Successful exploitation allow remote attackers to cause an OutOfMemory error and crash the s ...

oval:org.secpod.oval:def:600186
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory. CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting. CVE-2011-0534 I ...

oval:org.secpod.oval:def:20831
The host is installed with Apache Tomcat 5.5.0 through 5.5.29 or 6.0.0 through 6.0.26 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails handle a directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. Successful e ...

oval:org.secpod.oval:def:20823
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to security bypass vulnerability. A flaw is present in the application, which fails handle a .. (dot dot) in sequences and the WEB-INF directory in a request. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:20824
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to security bypass vulnerability. A flaw is present in the application, which fails handle a crafted request with invalid headers, related to temporary blocking of connectors that have encountered erro ...

oval:org.secpod.oval:def:20827
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to unspecified vulnerability. A flaw is present in the application, which fails handle a crafted application. Successful exploitation allows remote attackers to read or modify the (1) web.xml, (2) cont ...

oval:org.secpod.oval:def:20825
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to security bypass vulnerability. A flaw is present in the application, which fails handle a error checking in some authentication classes. Successful exploitation allows remote attackers to enumerate ...

oval:org.secpod.oval:def:20826
The host is installed with Apache Tomcat 5.5.0 through 5.5.27 or 6.0.0 through 6.0.18 and is prone to security bypass vulnerability. A flaw is present in the application, which fails handle a the time parameter. Successful exploitation allows remote attackers to inject arbitrary web script or HTML v ...

oval:org.secpod.oval:def:20830
The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails handle a directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. Successful expl ...

oval:org.secpod.oval:def:20829
The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to security bypass vulnerability. A flaw is present in the application, which fails handle HTTP requests. Successful exploitation allows remote attackers to bypass intended authentication requirements.

oval:org.secpod.oval:def:7988
The host is installed with Apache Tomcat 6.0.0 through 6.0.20 or 5.5.0 through 5.5.28 and is prone to insecure default administrative password vulnerability. A flaw is present in the application, where the Windows installer creates a blank password by default for the administrative user. Successful ...

oval:org.secpod.oval:def:20820
The host is installed with Apache Tomcat 5.5.0 through 5.5.26 or 6.0.0 through 6.0.16 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails handle a .. (dot dot) in a request parameter. Successful exploitation allows remote attackers to conduct director ...

oval:org.secpod.oval:def:20819
The host is installed with Apache Tomcat 5.5.0 through 5.5.26 or 6.0.0 through 6.0.16 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails handle the name parameter to host-manager/html/add. Successful exploitation allows remote attackers to inj ...

oval:org.secpod.oval:def:1500676
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could ...

oval:org.secpod.oval:def:1500678
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnera ...

oval:org.secpod.oval:def:501323
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on ...

oval:org.secpod.oval:def:3938
The host is installed with Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses an inefficient approach for handling parameter. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:3749
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle Catalina in HTTP Digest Access Authentication implementation. Successful exploita ...

oval:org.secpod.oval:def:3750
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to check realm values. Successful exploitation allows remote attackers to bypass intended access res ...

oval:org.secpod.oval:def:3751
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to check qop values. Successful exploitation allows remote attackers to bypass intended integrity-pr ...

oval:org.secpod.oval:def:3725
The host is installed with Apache Tomcat before 5.5.35 or 6.x before 6.0.35 or 7.x before 7.0.23 and is prone to denial-of-service vulnerability. A flaw is present in the application, which computes hash values for form parameters without restricting the ability to trigger hash collisions. Successfu ...

oval:org.secpod.oval:def:20832
The host is installed with Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.26 or 7.0.0 and is prone to denial of service vulnerability. A flaw is present in the application, which fails handle a crafted header. Successful exploitation allows remote attackers to cause a denial of service (appli ...

oval:org.secpod.oval:def:20828
The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails handle a .. (dot dot) in an entry in a WAR file. Successful exploitation allows remote attackers to create or ove ...

oval:org.secpod.oval:def:601073
Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service. CVE-2013-2067 The FormAuthenticator module was vulnerable ...

oval:org.secpod.oval:def:14058
The host is installed with Apache Tomcat 6.x before 6.0.37 or 7.x before 7.0.30 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle chunk extensions in chunked transfer coding. Successful exploitation allows attackers to cause a denia ...

oval:org.secpod.oval:def:1500116
Updated tomcat6 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. Common Vulnerability Scoring System basescores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:3752
The host is installed with Apache Tomcat 5.5.x before 5.5.34 or 6.x before 6.0.33 or 7.x before 7.0.12 and is prone to security bypass vulnerability. A flaw is present in the application, which does not have the expected countermeasures against replay attacks. Successful exploitation allows remote a ...

oval:org.secpod.oval:def:107624
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:7944
The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle the replay-countermeasure functionality in the HTTP Digest Access Authentication i ...

oval:org.secpod.oval:def:8233
The host is installed with Apache Tomcat 6.x before 6.0.36 or 7.x before 7.0.30 and is prone to security bypass vulnerability. A flaw is present in the application, which is caused when FORM authentication is used. Successful exploitation allows remote attackers to bypass security-constraint checks ...

oval:org.secpod.oval:def:204699
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...

oval:org.secpod.oval:def:204472
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid character ...

oval:org.secpod.oval:def:204677
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a later upstream version: tomcat . Security Fix: * The Realm implementations did not process the supplied password if the supplied user name did not exist. This ...

oval:org.secpod.oval:def:502188
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...

oval:org.secpod.oval:def:1502051
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:40403
The host is installed with Apache Tomcat 6.0 before 6.0.52, 7.x before 7.0.76, 8.x before 8.0.42, 8.5.x before 8.5.12 or 9.x before 9.0.0.M19 and is prone to an unspecified vulnerability. A flaw is present in the Application, which fails to handle pipelined requests. Successful exploitation could re ...

oval:org.secpod.oval:def:39740
The host is installed with Apache Tomcat 6.0.x to 6.0.47, 7.x to 7.0.72, 8.0.0 to 8.0.38, 8.5.x to 8.5.6 or 9.0.0.M1 to 9.0.0.M11 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which does not properly handle certain inconsistent HTTP request headers. Succ ...

oval:org.secpod.oval:def:501360
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to de ...

oval:org.secpod.oval:def:501362
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag lib ...

oval:org.secpod.oval:def:400782
This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended Securit ...

oval:org.secpod.oval:def:20843
The host is installed with Apache Tomcat 6.0.x before 6.0.40, 7.x before 7.0.54 or 8.x before 8.0.6 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted web application. Successful exploitation allows remote attackers to (1) read ...

oval:org.secpod.oval:def:20841
The host is installed with Apache Tomcat 6.0.x before 6.0.40, 7.x before 7.0.53 or 8.x before 8.0.4 and is prone to information disclosure vulnerability. A flaw is present in the application, which does not properly restrict XSLT stylesheets. Successful exploitation allows remote attackers to bypas ...

oval:org.secpod.oval:def:20842
The host is installed with Apache Tomcat 6.0.x before 6.0.40, 7.x before 7.0.53 or 8.x before 8.0.4 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted Content-Length HTTP header. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:33120
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catal ...

oval:org.secpod.oval:def:33119
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the session-persistence implementation, which mishandles session attributes. Successful exploitation allows re ...

oval:org.secpod.oval:def:20839
The host is installed with Apache Tomcat 6.0.x before 6.0.40, 7.x before 7.0.53 or 8.x before 8.0.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a malformed chunk size in chunked transfer coding of a request. Successful exploitation all ...

oval:org.secpod.oval:def:501564
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ...

oval:org.secpod.oval:def:108433
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:501570
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ...

oval:org.secpod.oval:def:400638
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent dire ...

oval:org.secpod.oval:def:602436
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.

oval:org.secpod.oval:def:1501007
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ...

oval:org.secpod.oval:def:501880
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application de ...

oval:org.secpod.oval:def:33124
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to an information disclosure vulnerability. A flaw is present in the Mapper component, which processes redirects before considering security constraints and Filters. S ...

oval:org.secpod.oval:def:204023
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application de ...

oval:org.secpod.oval:def:1501600
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:1901153
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an ap ...

oval:org.secpod.oval:def:1501935
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:112317
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:112319
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1900516
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reachJMX ports. The issue exists because this listener wasn"t updated for consistency with ...

oval:org.secpod.oval:def:1900514
When a Security Manager is configured, a web application"s ability to readsystem properties should be controlled by the Security Manager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configura ...

oval:org.secpod.oval:def:1900565
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a differe ...

oval:org.secpod.oval:def:1501829
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501959
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502011
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid character ...

oval:org.secpod.oval:def:1900483
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible ...

oval:org.secpod.oval:def:1901346
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

oval:org.secpod.oval:def:1501655
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:204119
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:501905
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

CVE    66
CVE-2007-0450
CVE-2007-1355
CVE-2007-2450
CVE-2007-2449
...
*CPE
cpe:/a:apache:tomcat:6.0.4

© SecPod Technologies