Download
| Alert*
oval:org.secpod.oval:def:89044130
This update for tomcat fixes the following issues: - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system . - CVE-2021-25122: Apache Tomcat h2c request mix-up - CVE-2021-25329: Complete fix for CVE-2020-9484 oval:org.secpod.oval:def:89044203 This update for tomcat fixes the following issues: - CVE-2021-25329: Complete fix for CVE-2020-9484 oval:org.secpod.oval:def:89044122 This update for tomcat fixes the following issues: - CVE-2021-25122: Apache Tomcat h2c request mix-up - CVE-2021-25329: Complete fix for CVE-2020-9484 oval:org.secpod.oval:def:89044118 This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2021-25122: Apache Tomcat h2c request mix-up * CVE-2021-25329: Complete fix for CVE-2020-9484 - Log if file access is blocked due to symlinks: CVE-2021-24122 oval:org.secpod.oval:def:71235 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. oval:org.secpod.oval:def:86450 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:1601429 A deserialization flaw was discovered in Apache Tomcat"s use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ... oval:org.secpod.oval:def:706379 tomcat9: Apache Tomcat 9 - Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:87184 The host is installed with Apache Tomcat 10.0.0-M1 through 10.0.0, 9.0.0.M1 through 9.0.41, 7.0.x through 7.0.107 or 8.5.x through 8.5.61 and is prone to a remote code execution vulnerability. A flaw is present in application, which fails to properly handle issues in PersistenceManager. On successfu ... oval:org.secpod.oval:def:605490 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. oval:org.secpod.oval:def:89044186 This update for tomcat6 fixes the following issues: - CVE-2021-25329: Fixed completely CVE-2020-9484 . - CVE-2021-24122: Fixed an information disclosure . - CVE-2017-12617: Fixed a file inclusion vulnerability through a crafted request . oval:org.secpod.oval:def:1701732 A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ... oval:org.secpod.oval:def:89979 The remote host is missing a patch 152511-11 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:89976 The remote host is missing a patch 152510-11 containing a security fix. For more information please visit the reference link. |