Download
| Alert*
oval:org.secpod.oval:def:71235
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. oval:org.secpod.oval:def:705055 tomcat9 is installed oval:org.secpod.oval:def:705181 tomcat9 is installed oval:org.secpod.oval:def:605221 tomcat9 is installed oval:org.secpod.oval:def:605682 Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. oval:org.secpod.oval:def:74575 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name. oval:org.secpod.oval:def:69854 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. oval:org.secpod.oval:def:2005277 The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind ... oval:org.secpod.oval:def:605490 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. oval:org.secpod.oval:def:705179 tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9. oval:org.secpod.oval:def:58876 tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9. oval:org.secpod.oval:def:93317 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2022-42252 Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a reques ... oval:org.secpod.oval:def:2005276 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user nam ... oval:org.secpod.oval:def:610505 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2022-42252 Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a reques ... oval:org.secpod.oval:def:2005278 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this ... oval:org.secpod.oval:def:604836 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface. oval:org.secpod.oval:def:61624 The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows re ... oval:org.secpod.oval:def:95234 The patch to address CVE-2023-44487 was incomplete and caused a regression when using asynchronous I/O . DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. oval:org.secpod.oval:def:95236 A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 . A wrong value for the overheadcount variable forced HTTP2 connections to close early. oval:org.secpod.oval:def:612740 A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 . A wrong value for the overheadcount variable forced HTTP2 connections to close early. oval:org.secpod.oval:def:95230 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998 Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, the ... oval:org.secpod.oval:def:613063 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the poss ... |