Alert*

oval:org.secpod.oval:def:700170
It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.

oval:org.secpod.oval:def:301133
Multiple vulnerabilities have been found and corrected in tomcat5: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. in an entry in a WAR file, as demonstrated by a ../../bin/catali ...

oval:org.secpod.oval:def:301162
Multiple vulnerabilities have been found and corrected in tomcat5: Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle double quote characters or %5C sequences in a cookie value, which might cause sensitive information such as session IDs t ...

oval:org.secpod.oval:def:20829
The host is installed with Apache Tomcat 5.5.0 through 5.5.28 or 6.0.0 through 6.0.20 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle HTTP requests. Successful exploitation allows remote attackers to bypass intended authentication requirements.

oval:org.secpod.oval:def:3857
The host is installed with Apple Mac OS X Server before 10.6.3 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to prevent deployment of appBase files that remain from a failed undeploy. Successful exploitation could allow remote attackers to ...