what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 68 RSS Feed

Files from Mark Thomas

Email addressmarkt at apache.org
First Active2007-05-22
Last Active2017-04-10
Apache Tomcat 7.0.29 / 6.0.36 Denial Of Service
Posted May 10, 2013
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 7.0.0 through 7.0.29 and 6.0.0 through 6.0.36 are affected by a chunked transfer encoding extension size denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2013-3544
SHA-256 | 7b8a19be00ce9beba765f4af2ea6f609a46b4c63b7dc0253a2f02a2038b02112
Apache Tomcat 7.0.32 / 6.0.36 Session Fixation
Posted May 10, 2013
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 7.0.0 through 7.0.32 and 6.0.21 through 6.0.36 are affected by a session fixation vulnerability. FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials. This attack has been prevented by changing the session ID prior to displaying the login page as well as after the user has successfully authenticated.

tags | advisory
advisories | CVE-2013-2067
SHA-256 | c8f95bbcb876695ebd34e27d13ce0bb5f986515a5720bbeae4dd29d1525ffba1
Apache Tomcat CSRF Prevention Filter Bypass
Posted Dec 5, 2012
Authored by Mark Thomas | Site tomcat.apache.org

The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.31 are affected.

tags | advisory
advisories | CVE-2012-4431
SHA-256 | 74e285db6d16f94ed3552ccea4024d4d096965cbcd236bc2ba5d83beab7e0fda
Apache Tomcat Security Bypass
Posted Dec 5, 2012
Authored by Mark Thomas | Site tomcat.apache.org

When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate(). Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.27 are affected.

tags | advisory
advisories | CVE-2012-3546
SHA-256 | 1f71f1e689097b01826957ede5576c3f27e8009359fb6acaa921b0e52b63fe43
Apache Tomcat 6.x / 7.x Denial Of Service
Posted Dec 5, 2012
Authored by Mark Thomas, Arun Neelicattu | Site tomcat.apache.org

When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service. Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.27 are affected.

tags | advisory, web, denial of service
advisories | CVE-2012-4534
SHA-256 | 6afeb9d776681b81c074822aa40b6c5c5f366a02d179b63da64bea40dbcc6900
Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses
Posted Nov 6, 2012
Authored by Mark Thomas, Tilmann Kuhn | Site tomcat.apache.org

Three weaknesses in Apache Tomcat's implementation of DIGEST authentication were identified and resolved. Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were not checked before when indicating that a nonce was stale. Tomcat versions 5.5.0 through 5.5.35, 6.0.0 through 6.0.35, and 7.0.0 through 7.0.29 are affected.

tags | advisory
advisories | CVE-2012-3439
SHA-256 | f21889923bf7d5548e26d54f6d23a9e7cb97188d566be43efdeb034fc1ccc1d2
Apache Tomcat 6.x / 7.x Denial Of Service
Posted Nov 6, 2012
Authored by Mark Thomas, Josh Spiewak | Site tomcat.apache.org

Apache Tomcat suffers from a denial of service vulnerability. The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers. Tomcat versions 6.0.0 through 6.0.34 and 7.0.0 through 7.0.27 are affected.

tags | advisory, web, denial of service
advisories | CVE-2012-2733
SHA-256 | 4b381434f76f5509cd4b1e048e50886bad81c0880d9575db95a7a732d9839225
Apache Tomcat Large Number Denial Of Service
Posted Jan 18, 2012
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 7.0.0 through 7.0.22, 6.0.0 through 6.0.33 and 5.5.0 through 5.5.34 suffer from a denial of service vulnerability. Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.

tags | advisory, denial of service
advisories | CVE-2011-0022
SHA-256 | 91683493631ac17694efb967a6ef7a95ecd52cfe845509e1adf11897be5f34ba
Apache Tomcat Request Information Disclosure
Posted Jan 18, 2012
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 7.0.0 through 7.0.21 and 6.0.30 through 6.0.33 suffer from an information disclosure vulnerability. For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That lead to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request.

tags | advisory, remote, web, info disclosure
advisories | CVE-2011-3375
SHA-256 | 695b51d032225ec928c8519f49f22751af65d121b0245e9711e796b1c5d80457
Apache Tomcat 7.0.21 Privilege Escalation
Posted Nov 9, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 7.0.0 through 7.0.21 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2011-3376
SHA-256 | db98c999e09c8cf10202b3881bc76f4cc618f165fad71787b048134ae1a131ca
Apache Tomcat HTTP Digest Authentication
Posted Sep 27, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from multiple weaknesses in HTTP Digest authentication. It suffers from replay attacks, lack of value checking, and more. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.

tags | advisory, web
advisories | CVE-2011-1184
SHA-256 | ef0d4c069ff5eff4da4c340335c5058fa7ef92b1e2389cb6c9849ef1c1a08c00
Apache Tomcat Authentication Bypass / Information Disclosure
Posted Aug 30, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, and 5.5.0 through 5.5.33 suffer from authentication bypass and information disclosure vulnerabilities. suffers from a bypass vulnerability.

tags | advisory, vulnerability, bypass, info disclosure
advisories | CVE-2011-3190
SHA-256 | 2ee8b9f61192ed9b6c238b4866e0eb6474b9a65b0900eb574304072c40570300
Apache Tomcat 7.0.0 Through 7.0.16 Information Disclosure
Posted Aug 13, 2011
Authored by Mark Thomas | Site tomcat.apache.org

The re-factoring of XML validation for Tomcat 7.0.x re-introduced the vulnerability previously reported as CVE-2009-0783. This was initially reported as a memory leak. If a web application is the first web application loaded, this bug allows that web application to potentially view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance.

tags | advisory, web, memory leak
advisories | CVE-2011-2481
SHA-256 | 54747af0d523a8fd91e9e58fe9cb74c0f778712fbe3279249f9ed12c6a6e8cbd
Commons Daemokn Fails To Drop Capabilities
Posted Aug 12, 2011
Authored by Mark Thomas, Wilfried Weissmann | Site tomcat.apache.org

Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities allowing the application to access files and directories owned by superuser. Tomcat versions 7.0.0 to 7.0.19, 6.0.30 to 6.0.32, and 5.5.32 to 5.5.33 are affected.

tags | advisory
systems | linux
advisories | CVE-2011-2729
SHA-256 | 5e5ee821c342e72c13dbf3604b54d2d2c8e9ea11f60cb87dd9f1177cc2886a15
Apache Tomcat Information Disclosure And Availability
Posted Jul 16, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 7.0.0 through 7.0.18, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request attributes were not validated.

tags | advisory, web, info disclosure
advisories | CVE-2011-2526
SHA-256 | 74bcc8fd613635840905f130972f0216bb8281906fd6fe8ef93ea6151da404a8
Apache Tomcat Information Disclosure
Posted Jun 28, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 7.0.0 through 7.0.16, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. When using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.

tags | advisory, info disclosure
advisories | CVE-2011-2204
SHA-256 | 7a80993fa95b9f47eee4ae0503000895c8bbabe47be709a7b2c40ebbd2b0a13b
Apache Tomcat Security Constraint Bypass
Posted May 18, 2011
Authored by Mark Thomas | Site tomcat.apache.org

An error in the fixes for CVE-2011-1088 and CVE-2011-1183 for Apache Tomcat versions 7.0.12 and 7.0.13 meant that security constraints configured via annotations were ignored on the first request to a Servlet. Subsequent requests were secured correctly.

tags | advisory
advisories | CVE-2011-1582
SHA-256 | 5efbd3f498ede2bda6b9290b7f562b7c49af656ee28cd64954d0fd3af57a0e89
Apache Tomcat 7.0.11 Information Disclosure
Posted Apr 6, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.

tags | advisory, web
advisories | CVE-2011-1475
SHA-256 | 501487f42ce2fb5f3296da2502f12843f17bb597d28ef9115797ae26e604495d
Apache Tomcat 7.0.11 Security Constraint Bypass
Posted Apr 6, 2011
Authored by Mark Thomas | Site tomcat.apache.org

A regression in the Apache Tomcat version 7.0.11 fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete.

tags | advisory, web
advisories | CVE-2011-1183
SHA-256 | f6b2b096dcc36a205b8bfec2257398759e64fec7afb1afb2949dc551b477a0f8
Apache Tomcat Security Constraint Bypass
Posted Mar 16, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from a security constraint bypass vulnerability. When a web application was started, @ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. Versions 7.0.0 through 7.0.10 are affected.

tags | advisory, web, bypass
advisories | CVE-2011-1088
SHA-256 | 8a459ba580bcdf3eabe89c5db1e97f2e14dcd5d7d4fae110537f27c2bec83699
Apache Tomcat Manager Cross Site Scripting
Posted Feb 5, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat Manager suffers from a cross site scripting vulnerability. Versions 7.0.0 through 7.0.5, 6.0.0 through 6.0.29, and 5.5.0 through 5.5.31 are affected.

tags | exploit, xss
advisories | CVE-2011-0013
SHA-256 | f1d6975cfebbf222ecd6a4aa94a471ca527dafbf700da35303c356d06cb6541f
Apache Tomcat Denial Of Service
Posted Feb 5, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger an DoS via an OutOfMemoryError. Versions 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 are affected.

tags | advisory, web
advisories | CVE-2011-0534
SHA-256 | e7004df83ea4d14298bf16264423c22562ace05dd7a2dedff8a0b2dc00f176fb
Oracle JVM / Apache Tomcat Denial Of Service
Posted Feb 5, 2011
Authored by Mark Thomas | Site tomcat.apache.org

An Oracle JVM bug can cause a denial of service condition in Apache Tomcat. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale() or javax.servlet.ServletRequest.getLocales().

tags | advisory, denial of service
SHA-256 | bb7e476455b13103c1b42906a2ce4f60cca8e94d51b3103f036833820c1bd33b
Apache Tomcat Local Bypass
Posted Feb 5, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from a local bypass a of Security Manager file permissions. Versions from 7.0.0, 6.0.0 and 5.5.0 are affected.

tags | advisory, local
advisories | CVE-2010-3718
SHA-256 | d2f9d707163a4a48bea1bcaecc3731d3d4a8ab63268d9b9e514e199066bda9b5
Apache Tomcat Manager Cross Site Scripting
Posted Nov 23, 2010
Authored by Mark Thomas | Site tomcat.apache.org

The session list screen (provided by sessionList.jsp) in affected versions of Apache Tomcat Manager uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Versions 7.0.0 through 7.0.4 and 6.0.12 through 6.0.29 are affected.

tags | advisory, xss
advisories | CVE-2010-4172
SHA-256 | 486777c2531b3377eea0df5a8570190ea9f8e536d75e7989f9c974dc66148c85
Page 2 of 3
Back123Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close