[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:1600945
When the default servlet in Apache Tomcat versions 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:1600909
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:116193
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:204892
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: A bug in the UTF-8 decoder can lead to DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:1600906
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:1600855
Late application of security constraints can lead to resource exposure for unauthorised users:Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any U ...

oval:org.secpod.oval:def:1600856
Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration:As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. ...

oval:org.secpod.oval:def:204699
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...

oval:org.secpod.oval:def:113662
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:502188
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...

oval:org.secpod.oval:def:502190
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...

oval:org.secpod.oval:def:113407
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:113408
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1502052
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502051
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204700
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...

oval:org.secpod.oval:def:204545
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the remova ...

oval:org.secpod.oval:def:46905
The host is installed with Apache Tomcat 8.5.x before 8.5.16, 8.0.x before 8.0.45, 7.0.41 before 7.0.79 9.x before 9.0.0.M22 and is prone to a security bypass vulnerability. A flaw is present in the application which fails to handle a CORS Filter issue. Successful exploitation allows attackers to b ...

oval:org.secpod.oval:def:53088
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request"s HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:53087
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request"s HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:602966
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request"s HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:602967
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request"s HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:1501935
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113146
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:113143
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:502071
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the remova ...

oval:org.secpod.oval:def:1600740
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcats DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page

oval:org.secpod.oval:def:46897
The host is installed with Apache Tomcat 7.x before 7.0.78, 8.0.x before 8.0.44, 8.5.x before 8.5.15 or 9.x before 9.0.0.M21 and is prone to a security bypass vulnerability. A flaw is present in the security constraint defined by annotations of servlets. Successful exploitation exposes resources to ...

oval:org.secpod.oval:def:703934
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:1600778
1480618: Vary header not added by CORS filter leading to cache poisoningThe CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances

oval:org.secpod.oval:def:1900339
The error page mechanism of the Java Servlet Specification requires that,when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original H ...

oval:org.secpod.oval:def:1600732
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page

oval:org.secpod.oval:def:112510
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1600733
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page

oval:org.secpod.oval:def:51964
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:112509
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1700092
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.

oval:org.secpod.oval:def:704166
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:502374
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: A bug in the UTF-8 decoder can lead to DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:1502344
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2001597
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ...

oval:org.secpod.oval:def:114237
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:114236
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1600797
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution

oval:org.secpod.oval:def:53404
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

oval:org.secpod.oval:def:45753
The host is installed with Apache Tomcat 9.x before 9.0.9, 7.0.41 before 7.0.89, 8.x before 8.0.53 or 8.5.x before 8.5.32 and is prone to a security bypass vulnerability. A flaw is present in application, which fails to properly handle CORS filter settings issue. Successful exploitation allow attack ...

oval:org.secpod.oval:def:46881
The host is installed with Apache Tomcat 7.x before 7.0.82, 8.0.x before 8.0.47, 8.5.x before 8.5.23 or 9.0.0.M1 before 9.0.1 and is prone to an information disclosure vulnerability. A flaw is present in the readonly initialization parameter of the default servlet, when running with HTTP PUTs enable ...

oval:org.secpod.oval:def:46895
The host is installed with Apache Tomcat 7.x before 7.0.85, 8.0.x before 8.0.50, 8.5.x before 8.5.28 or 9.x before 9.0.5 and is prone to a security bypass vulnerability. A flaw is present in the security constraint definition with a URL pattern of the empty string. Successful exploitation allows att ...

oval:org.secpod.oval:def:46896
The host is installed with Apache Tomcat 7.x before 7.0.85, 8.0.x before 8.0.50, 8.5.x before 8.5.28 or 9.x before 9.0.5 and is prone to a security bypass vulnerability. A flaw is present in the security constraint defined by annotations of servlets. Successful exploitation exposes resources to user ...

oval:org.secpod.oval:def:52061
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:115028
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:2001509
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:115930
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:205171
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Open redirect in default servlet For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ...

oval:org.secpod.oval:def:52121
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations.

oval:org.secpod.oval:def:502624
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Open redirect in default servlet For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ...

oval:org.secpod.oval:def:704344
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations.

oval:org.secpod.oval:def:1901496
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:47875
The host is installed with Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 or 7.0.23 to 7.0.90 and is prone to an open redirection vulnerability. A flaw is present in the application which fails to handle the issue in default servlet which returned a redirect to a directory. Successful ex ...

oval:org.secpod.oval:def:1501959
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704098
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:51047
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

CVE    11
CVE-2017-5664
CVE-2017-7675
CVE-2017-7674
CVE-2018-1336
...
*CPE
cpe:/a:apache:tomcat:9.0.0:m19

© SecPod Technologies