oval:org.secpod.oval:def:205461
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix:
* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, re ...

oval:org.secpod.oval:def:205462
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix:
* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, re ...

oval:org.secpod.oval:def:1903459
When using the Apache JServ Protocol, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may b ...

oval:org.secpod.oval:def:1701740
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind ...

oval:org.secpod.oval:def:89000300
This update for tomcat fixes the following issues:
- CVE-2020-1938: Fixed a file contents disclosure vulnerability.

oval:org.secpod.oval:def:89000425
This update for apache2 fixes the following issues:
- CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
- CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect.
- CVE-2020-1938: mod_proxy_ajp: Add "secret" parameter to proxy ...

oval:org.secpod.oval:def:89000417
This update for tomcat6 fixes the following issues:
- CVE-2020-1938: Fixed a file contents disclosure vulnerability.

oval:org.secpod.oval:def:61624
The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows re ...

oval:org.secpod.oval:def:61584
The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows re ...

oval:org.secpod.oval:def:89000213
This update for apache2 fixes the following issues:
- CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
- CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect.
- CVE-2020-1938: mod_proxy_ajp: Add "secret" parameter to proxy ...

oval:org.secpod.oval:def:503560
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix:
* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, re ...

oval:org.secpod.oval:def:1700312
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. The URL pattern of "" which exactly maps to the context root was not ...

oval:org.secpod.oval:def:1502847
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:89000683
This update for apache2 fixes the following issues:
- CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
- CVE-2020-1938: mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy AJP13 authentication.

oval:org.secpod.oval:def:503570
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix:
* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, re ...

oval:org.secpod.oval:def:1502850
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:61640
The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows re ...

oval:org.secpod.oval:def:604836
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface.

oval:org.secpod.oval:def:89000392
This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed:
- CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling.
- CVE-2020-1935: Fixed an HTTP Request Smuggling issue.
- CVE-2020-1938: Fix ...

oval:org.secpod.oval:def:604824
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector.

oval:org.secpod.oval:def:63512
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector.

oval:org.secpod.oval:def:63519
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface.

oval:org.secpod.oval:def:504689
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix:
* jquery: Cross-site scripting via cross-domain ajax requests
* bootstrap: XSS in the data-target attribute
* bootstrap: Cross-site Scripting in the collapse data-parent attribu ...

oval:org.secpod.oval:def:89978
The remote host is missing a patch 152511-10 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:89975
The remote host is missing a patch 152510-10 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:1601112
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy ...

oval:org.secpod.oval:def:1601117
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy ...

oval:org.secpod.oval:def:89043860
This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed:
- CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams.
- CVE-2019-12418: Fixed a local privilege escalation by manipulating the ...

oval:org.secpod.oval:def:2105813
Oracle Solaris 11 - (CVE-2019-17569)