oval:org.secpod.oval:def:89045787
This update for tomcat fixes the following issues:
- CVE-2021-30640: Escape parameters in JNDI Realm queries.
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1 clients.
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet.

oval:org.secpod.oval:def:89045755
This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed:
- CVE-2021-30640: Escape parameters in JNDI Realm queries.
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1 clients.
- CVE-2021-41079: Fixed a denial of service caused by an unexpected ...

oval:org.secpod.oval:def:89045797
This update for tomcat fixes the following issues:
- CVE-2021-30640: Escape parameters in JNDI Realm queries.
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1 clients.
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet.

oval:org.secpod.oval:def:86450
tomcat9: Apache Tomcat 9 - Servlet and JSP engine. Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:1601464
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer en ...

oval:org.secpod.oval:def:2107016
Oracle Solaris 11 - (CVE-2021-30640)

oval:org.secpod.oval:def:74575
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.

oval:org.secpod.oval:def:706379
tomcat9: Apache Tomcat 9 - Servlet and JSP engine. Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:73951
The host is installed with Apache Tomcat 10.0.0-M1 through 10.0.6, 9.0.0.M1 through 9.0.46 or 8.5.0 through 8.5.66 and is prone to an HTTP request smuggling vulnerability. A flaw is present in the application, which fails to properly parse the HTTP transfer-encoding request header in some circumstances. ...

oval:org.secpod.oval:def:605596
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.

oval:org.secpod.oval:def:1701676
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. Apache Tomcat ...

oval:org.secpod.oval:def:1701796
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer en ...

oval:org.secpod.oval:def:1702109
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

oval:org.secpod.oval:def:1702089
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

oval:org.secpod.oval:def:19500075
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using ...

oval:org.secpod.oval:def:89979
The remote host is missing a patch 152511-11 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:89976
The remote host is missing a patch 152510-11 containing a security fix. For more information please visit the reference link.