[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 43198 Download | Alert*

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: Unprivileged users can renew any certificate * pki-core: XSS in the certificate search results * pki-core: Reflected XSS in "path length" constraint field in CA"s Agent page * pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA"s DRM agent page in aut ...

Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742 , which addressed the CRLF ve ...

A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be placed in the pool twice. This issue results in subsequent connections using the same object concurrently, ...

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. The URL pattern of quot;quot; which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0. ...

A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim"s browser. It was found that the Key Recovery Authority Agent Service did not properly sanitize recovery request search page, enabling a ...

A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service. A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` m ...

jQuery before 1.9.0 is vulnerable to Cross-site Scripting attacks. The jQuery function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the 'less than' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery on ...

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manne ...


Pages:      Start    1293    1294    1295    1296    1297    1298    1299    1300    1301    1302    1303    1304    1305    1306    ..   4319

© SecPod Technologies