oval:org.secpod.oval:def:63880
libtomcat9-java is installed

oval:org.secpod.oval:def:93317
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2022-42252 Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a reques ...

oval:org.secpod.oval:def:610505
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2022-42252 Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a reques ...

oval:org.secpod.oval:def:10000572
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the poss ...

oval:org.secpod.oval:def:613063
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the poss ...

oval:org.secpod.oval:def:612740
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487. A wrong value for the overheadcount variable forced HTTP2 connections to close early.

oval:org.secpod.oval:def:95230
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998 Denial of service. Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, the ...

oval:org.secpod.oval:def:95234
The patch to address CVE-2023-44487 was incomplete and caused a regression when using asynchronous I/O. DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.

oval:org.secpod.oval:def:95236
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487. A wrong value for the overheadcount variable forced HTTP2 connections to close early.

*CPE
cpe:/a:apache:libtomcat9-java

© SecPod Technologies