oval:org.secpod.oval:def:1701740
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind ...

oval:org.secpod.oval:def:89000030
This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability. - CVE-2020-13935: Fixed a WebSocket DoS.

oval:org.secpod.oval:def:604836
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface.

oval:org.secpod.oval:def:89000392
This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling. - CVE-2020-1935: Fixed an HTTP Request Smuggling issue. - CVE-2020-1938: Fix ...

oval:org.secpod.oval:def:705571
tomcat8: Servlet and JSP engine. Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:205701
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other r ...

oval:org.secpod.oval:def:1701547
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the inval ...

oval:org.secpod.oval:def:604824
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector.

oval:org.secpod.oval:def:63512
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector.

oval:org.secpod.oval:def:505176
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other r ...

oval:org.secpod.oval:def:1601404
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the inval ...

oval:org.secpod.oval:def:63519
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector or a man-in-the-middle attack against the JMX interface.

oval:org.secpod.oval:def:504689
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ...

oval:org.secpod.oval:def:2500205
The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System.

oval:org.secpod.oval:def:89978
The remote host is missing a patch 152511-10 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:89975
The remote host is missing a patch 152510-10 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:61583
The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an HTTP request smuggling vulnerability. A flaw is present in the application, which fails to properly handle an improper end-of-line parsing. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:1601112
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy ...

oval:org.secpod.oval:def:1601117
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy ...

oval:org.secpod.oval:def:89043860
This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams. - CVE-2019-12418: Fixed a local privilege escalation by manipulating the ...

oval:org.secpod.oval:def:1601387
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the inval ...

oval:org.secpod.oval:def:67063
tomcat8: Servlet and JSP engine. Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:2105813
Oracle Solaris 11 - (CVE-2019-17569)

oval:org.secpod.oval:def:1503104
The advisory is missing the security advisory description. For more information please visit the reference link