Files from Mark Thomas

Email address: markt at apache.org
First Active: 2007-05-22
Last Active: 2017-04-10

Apache Tomcat Remote Denial Of Service / Information Disclosure
Posted Jul 10, 2010
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from denial of service and information disclosure vulnerabilities. Versions 5.5.0 through 5.5.29, 6.0.0 through 6.0.27 and 7.0.0 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
advisories | CVE-2010-2227
SHA-256 | a5aff5aadf481acae877a1d2a5155229ecfe8e755377a60718db10961e4c55b6
Apache Tomcat Information Disclosure
Posted Apr 23, 2010
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from an information disclosure vulnerability. Versions 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 are affected.

tags | advisory, info disclosure
advisories | CVE-2010-1157
SHA-256 | 71b56d7d50c320916af3d9126ceb755d2f6a8367f5c73af2e17bdd580d4bbda4
Apache Tomcat Insecure Partial Deploy After Failed Undeploy
Posted Jan 26, 2010
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from an insecure partial deploy after failed undeploy vulnerability.

tags | advisory
advisories | CVE-2009-2901
SHA-256 | 6e42d1072930b0a860fd427cec3601f44c65eee0533acddfbb5bb93668b5b599
Apache Tomcat Unexpected File Deletion In Work Directory
Posted Jan 26, 2010
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from an unexpected file deletion in work directory vulnerability. Versions 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 are affected.

tags | advisory
advisories | CVE-2009-2902
SHA-256 | b8916693e4e438f1e8ec19e93a66873769e5d428e6db947e2f31149843bb9c15
Apache Tomcat On Windows Blank Password
Posted Nov 17, 2009
Authored by Mark Thomas | Site tomcat.apache.org

The Apache Tomcat Windows installer insecurely leaves the default install with a blank administrator password. Versions 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 are affected.

tags | advisory
systems | windows
advisories | CVE-2009-3548
SHA-256 | f8608d7a6d60069ffab1e793f603c654c2740a90aa17b497d091322882ca16d5
Apache Tomcat Information Disclosure
Posted Jun 9, 2009
Authored by Mark Thomas | Site tomcat.apache.org

When using a RequestDispatcher obtained from the Request in Apache Tomcat, the target path was normalized before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it under the WEB-INF directory. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.

tags | exploit, web
advisories | CVE-2008-5515
SHA-256 | c0a0a2a9804149cddfa6d775c7f68367d06311ea65f71bbd9aad52799158a793
Apache Tomcat Information Disclosure
Posted Jun 4, 2009
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from an information disclosure vulnerability related to XML parser replacement. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.

tags | advisory, info disclosure
advisories | CVE-2009-0783
SHA-256 | c2b64deb31914b487990416282c15bcbf60ade318ae9adeff66567f4a45f4d69
Apache Tomcat Denial Of Service
Posted Jun 4, 2009
Authored by Mark Thomas | Site tomcat.apache.org

If Tomcat receives a request with invalid headers via the Java AJP connector, it does not return an error and instead closes the AJP connection. If this connector is a member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. This behavior can therefore be used for a denial of service attack using a carefully crafted request. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.

tags | advisory, java, denial of service
advisories | CVE-2009-0033
SHA-256 | c1222adcdce7d85aa41a91cfdf45704103468dc97af6d891ef3a467ed12ed3c9
Tomcat Information Disclosure
Posted Jun 4, 2009
Authored by Mark Thomas | Site tomcat.apache.org

Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of usernames by supplying illegally URL encoded passwords. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.

tags | advisory
advisories | CVE-2009-0580
SHA-256 | 23d04996953f18e735ec39419f21aa830d1507afe0c131cb6125bc7e54f441ba
Spring Framework Denial Of Service
Posted Apr 28, 2009
Authored by Mark Thomas

Spring Framework versions 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 suffer from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
advisories | CVE-2009-1190
SHA-256 | 43ffa4a8c67305f4bb66e1c03bb625604fc3fa6c8224823165f49d924d7c103c
Tomcat Information Disclosure
Posted Feb 26, 2009
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-4308
SHA-256 | 768d53d9e66098ca1617ffada6c18d5bb474b2b3a0457418984e05a53b42a23e
Apache Tomcat Information Disclosure
Posted Dec 22, 2008
Authored by Mark Thomas | Site tomcat.apache.org

This vulnerability was originally reported to the Apache Software Foundation as a Tomcat vulnerability. Investigations quickly identified that the root cause was an issue with the UTF-8 charset implementation within the JVM. The issue existed in multiple JVMs including current versions from Sun, HP, IBM, Apple and Apache. It was decided to continue to report this as a Tomcat vulnerability until such time as the JVM vendors had released fixed versions.

tags | advisory, root
systems | apple
advisories | CVE-2008-2938
SHA-256 | e900270f78788247830b00a35c41b325144bc065b616b71c79bd1ef3ec0ed86b
CVE-2008-3271.txt
Posted Oct 11, 2008
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 4.1.0 to 4.1.31 and 5.5.0 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-3271
SHA-256 | 465aad4edd5d33fc410a93390311c63759bed560f67aa892017afbf7cb22422b
CVE-2008-2938.txt
Posted Sep 10, 2008
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-2938
SHA-256 | 336ae34f18a11aaa4141e2fcd7aeb318b8b924dd30a3de3cafb02c982c3cd061
CVE-2007-3386.txt
Posted Aug 14, 2007
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 5.5.0 to 5.5.24 and 6.0.0 to 6.0.13 suffer from a cross site scripting vulnerability in the host manager functionality.

tags | exploit, xss
advisories | CVE-2007-3386
SHA-256 | 84aa48ad32c84fc16f0e577cc862d655e1f81b84b1b780d61e5ec1d8d0ba64d7
CVE-2007-3385.txt
Posted Aug 14, 2007
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information disclosure vulnerability in the way they handle backslash (\) characters in cookies.

tags | advisory
advisories | CVE-2007-3385
SHA-256 | e5589b41bdac2a0cffbf674971524413fe5a6341732f9a0f585fadb94c8d0951
CVE-2007-3382.txt
Posted Aug 14, 2007
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information disclosure vulnerability in the way they handle single quote (') characters in cookies.

tags | advisory
advisories | CVE-2007-3382
SHA-256 | 41519194941a60fb4c6de2f97ec088ad75995c1dece7ff92c6a5b9b74e676145
CVE-2007-1355.txt
Posted May 22, 2007
Authored by Mark Thomas

The Tomcat documentation web application includes a sample application that contains multiple cross site scripting vulnerabilities. Versions affected include Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.23, and Tomcat 6.0.0 to 6.0.10.

tags | exploit, web, vulnerability, xss
advisories | CVE-2007-1355
SHA-256 | 968c88845b898089e8b8029963655b7859cb75e7641ac130b217cc79a098793a