UTF-8 directory traversal /etc/passwd grabbing exploit for Apache Tomcat versions prior to 6.0.18.
976e244165fc9beb273d4e21c954c5135843e2b1fb28d129213c11847fd97471ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities.
be15df3bd0178cb4b549275b0607bdc8ef2f56fa239e3f196ae0efb687ac63efHP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
98b02b39e8efb68d6c260ae6b528aaa0975fbbdee2d8d7324a63f20b0db19b90The Oracle Containers For Java (OC4J) in the Oracle Application Server 10g suffers from a directory traversal vulnerability.
d382fb99ab02805477ef1961d910f2d0495189ba45d6a79eff38e57289168967This vulnerability was originally reported to the Apache Software Foundation as a Tomcat vulnerability. Investigations quickly identified that the root cause was an issue with the UTF-8 charset implementation within the JVM. The issue existed in multiple JVMs including current versions from Sun, HP, IBM, Apple and Apache. It was decided to continue to report this as a Tomcat vulnerability until such time as the JVM vendors had released fixed versions.
e900270f78788247830b00a35c41b325144bc065b616b71c79bd1ef3ec0ed86bThe WiKID Strong Authentication server has released an update for the Tomcat server associated with this software. It updates Tomcat to 5.5.27 to address a large amount of vulnerabilities.
a8c41c441cc362473d836e2155189f3679c6855e0acebd1877d9082428c45e77Apache Tomcat versions 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 suffer from an information disclosure vulnerability.
336ae34f18a11aaa4141e2fcd7aeb318b8b924dd30a3de3cafb02c982c3cd061Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered in the Apache Tomcat server. The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers. A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter. A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources. A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. The updated packages have been patched to correct these issues.
671c266b622abcde147cced4d2ade0342dc354b1e14091c9d9d4d069b8cb34a4Apache Tomcat versions prior to 6.0.18 suffer from a directory traversal vulnerability.
a4627d264413d5c228e2b45310a653f9683c2975d1a995ec77da67395ba2d871
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed