Download
| Alert*
oval:org.secpod.oval:def:1000492
The remote host is missing a patch 152510-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2103261 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ... oval:org.secpod.oval:def:89043732 This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service . - CVE-2018-8034: The host name verif ... oval:org.secpod.oval:def:2501013 The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. oval:org.secpod.oval:def:1000565 The remote host is missing a patch 152511-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1600909 The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ... oval:org.secpod.oval:def:70436 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:70430 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:1600906 The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ... oval:org.secpod.oval:def:503302 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources * tomcat: Late application of security constraints can lead to resource e ... oval:org.secpod.oval:def:1504566 [0:7.0.76-9] - Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended expo sure of resources - Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Lat ... oval:org.secpod.oval:def:2001597 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ... oval:org.secpod.oval:def:205275 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources * tomcat: Late application of security constraints can lead to resource e ... oval:org.secpod.oval:def:115028 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ... oval:org.secpod.oval:def:45753 The host is installed with Apache Tomcat 9.x before 9.0.9, 7.0.41 before 7.0.89, 8.x before 8.0.53 or 8.5.x before 8.5.32 and is prone to a security bypass vulnerability. A flaw is present in application, which fails to properly handle CORS filter settings issue. Successful exploitation allow attack ... oval:org.secpod.oval:def:89977 The remote host is missing a patch 152511-09 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:503144 The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Security Fix: * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up * tomcat: Insecure defaults in CORS fi ... oval:org.secpod.oval:def:1502663 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:604658 Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects. oval:org.secpod.oval:def:70429 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:704098 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:51047 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:61484 Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects. oval:org.secpod.oval:def:1700312 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. The URL pattern of quot;quot; which exactly maps to the context root was not ... |