oval:org.secpod.oval:def:19500487 Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling p ...
oval:org.secpod.oval:def:1507252 [1:9.0.62-27.2] - Open Redirect vulnerability in FORM authentication - FileUpload: DoS due to accumulation of temporary files on Windows - improper cleaning of recycled objects could lead to information leak - incorrectly parsed http trailer headers can cause request smuggling
oval:org.secpod.oval:def:2600489 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies.
oval:org.secpod.oval:def:89051054 This update for tomcat fixes the following issues: * CVE-2023-42795: Fixed a potential information leak due to insufficient cleanup. * CVE-2023-45648: Fixed a request smuggling issue due to an incorrect parsing of HTTP trailer headers.
oval:org.secpod.oval:def:89051096 This update for tomcat fixes the following issues: * CVE-2023-42795: Fixed a potential information leak due to insufficient cleanup. * CVE-2023-45648: Fixed a request smuggling issue due to an incorrect parsing of HTTP trailer headers. * CVE-2023-41080: Fixed URL Redirection to Untrusted Site vul ...
oval:org.secpod.oval:def:2501310 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies.
oval:org.secpod.oval:def:1507288 [1:9.0.62-37.el9_3.1] - Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication - Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling - Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accu ...
oval:org.secpod.oval:def:93808 The host is installed with Apache Tomcat 11.0.0-M1 through 11.0.0-M11, 10.1.0-M1 through 10.1.13, 9.0.0-M1 through 9.0.80 or 8.5.0 through 8.5.93 and is prone to an improper input validation vulnerability. A flaw is present in the application, which fails to properly parse HTTP trailer headers. Succ ...
oval:org.secpod.oval:def:509093 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: tomcat: Open Redirect vulnerability in FORM authentication tomcat: FileUpload: DoS due to accumulation of temporary files on Windows tomcat: improper cleaning of recycled objects could lead ...
oval:org.secpod.oval:def:509076 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: tomcat: Open Redirect vulnerability in FORM authentication tomcat: FileUpload: DoS due to accumulation of temporary files on Windows tomcat: improper cleaning of recycled objects could lead ...
oval:org.secpod.oval:def:1702200 Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat ...
oval:org.secpod.oval:def:1702199 Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat ...
oval:org.secpod.oval:def:3302403 Security update for tomcat
oval:org.secpod.oval:def:89051458 This update for tomcat fixes the following issues: Updated to Tomcat 9.0.85: * CVE-2023-45648: Improve trailer header parsing. * CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows. * CVE-2023-42795: Improve handling of failures during recycle methods. * CVE-2023-46589: Fixed HTT ...
oval:org.secpod.oval:def:2108383 Oracle Solaris 11 - (CVE-2023-31122)
oval:org.secpod.oval:def:1507540 [1:9.0.87-1.el9_4.1] - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake - Resolves: RHEL-31032 tomcat: : Apache Tomcat: HTTP/2 header handling DoS - Resolves: RHEL-35328 - Amend tomcat's changelog
oval:org.secpod.oval:def:2108423 Oracle Solaris 11 - (CVE-2023-30584)
oval:org.secpod.oval:def:95375 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-28709 Denial of Service. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exac ...
oval:org.secpod.oval:def:612724 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-28709 Denial of Service. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exac ...
oval:org.secpod.oval:def:1701846 Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling p ...
oval:org.secpod.oval:def:1701845 Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling p ...
oval:org.secpod.oval:def:612725 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998 Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, the ...
oval:org.secpod.oval:def:2108399 Oracle Solaris 11 - (CVE-2023-44487)
oval:org.secpod.oval:def:1601839 Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling p ...
oval:org.secpod.oval:def:95230 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998 Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, the ...