Download
| Alert*
oval:org.secpod.oval:def:63489
The host is installed with Apache Tomcat 10.x before 10.0.0-M5, 9.x before 9.0.35, 7.x before 7.0.104 or 8.5.x before 8.5.55 and is prone to a remote code execution vulnerability. A flaw is present in application, which fails to properly handle issues in PersistenceManager. Successful exploitation a ... oval:org.secpod.oval:def:503780 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: deserialization flaw in session persistence storage leading to RCE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:503781 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: deserialization flaw in session persistence storage leading to RCE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:89043865 This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at oval:org.secpod.oval:def:86450 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:64055 Oracle Solaris 11 - ( CVE-2020-9484 ) oval:org.secpod.oval:def:1601429 A deserialization flaw was discovered in Apache Tomcat"s use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ... oval:org.secpod.oval:def:1601428 A deserialization flaw was discovered in Apache Tomcat"s use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ... oval:org.secpod.oval:def:1601143 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a oval:org.secpod.oval:def:1601146 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a oval:org.secpod.oval:def:118377 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ... oval:org.secpod.oval:def:118372 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ... oval:org.secpod.oval:def:706379 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:89000556 This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at oval:org.secpod.oval:def:1701774 A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ... oval:org.secpod.oval:def:205582 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: deserialization flaw in session persistence storage leading to RCE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:1502948 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502949 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1701732 A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ... oval:org.secpod.oval:def:1700349 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a oval:org.secpod.oval:def:89000430 This update for tomcat fixes the following issues: CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code ... oval:org.secpod.oval:def:89979 The remote host is missing a patch 152511-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89976 The remote host is missing a patch 152510-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:86418 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2021-43980 The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing concurrency bug that could cause client conn ... oval:org.secpod.oval:def:604923 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service. oval:org.secpod.oval:def:89000364 This update for tomcat6 fixes the following issues: CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code ... oval:org.secpod.oval:def:610230 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2021-43980 The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing concurrency bug that could cause client conn ... oval:org.secpod.oval:def:705709 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:67188 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:66719 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service. oval:org.secpod.oval:def:705571 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:67063 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat. |