Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.
bb1e647fa42f38704fbcd2b6ff10735507518a390af17287d786d4d0cef46102Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
586eca4f5ac4ca20d495e510bd4240f87e2caec95b0525e93efdd8b31a455a34Ubuntu Security Notice 4448-1 - It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. Various other issues were also addressed.
724049f922fdcaed76bab946a48ccfcb9b0e1d275e3effd77f8cf41f47d39f4aDebian Linux Security Advisory 4727-1 - Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service.
274e4c80814502db86cc265c09af8e2c5a452a989f7b07f672b7faaeb0c48ce7Red Hat Security Advisory 2020-3017-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.15 serves as a replacement for Red Hat support for Spring Boot 2.1.13, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution and deserialization vulnerabilities.
9dbd3f39e29175e22d81e2fc4cdba8714c308655dbe6e47e25670d5c382db2feGentoo Linux Security Advisory 202006-21 - A vulnerability has been discovered in Apache Tomcat which could result in the arbitrary execution of code. Versions less than 7.0.104:7 are affected.
4e91ca0fbc04224da0c0118ffbafc25e0bea5b24bcc0534b90146f8897b2f254Red Hat Security Advisory 2020-2529-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
6ea8239ae1b0f8945b80aa7f592e1eb4821f3bd6dba7f94b7ba6dd99688023c6Red Hat Security Advisory 2020-2530-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Issues addressed include a deserialization vulnerability.
3986f36b9e430d29eba185045adfc2f7f571b61c422bc68975c7ca7df03228f2Red Hat Security Advisory 2020-2509-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
ec522dbde4e24e430dfeeda0dd7ff7293535495da966add56394d87e054d2c29Red Hat Security Advisory 2020-2506-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
a8ecd6fa2f10502b15c65a9331f1f580113eb942a43faddf5b1bd51c8f250c6bRed Hat Security Advisory 2020-2487-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
cfa89d4282c8070dc5e707d86f65f85457857ea18206c62c965d8ba7405a1146Red Hat Security Advisory 2020-2483-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
a28a57ffee87bfd69b9b26a82d005ec4bf86f286877cf7f6ad2e34dbe6065e83Apache Tomcat is affected by a Java deserialization vulnerability if the PersistentManager is configured as session manager. Successful exploitation requires the attacker to be able to upload an arbitrary file to the server. This archive includes a write up and proof of concept code from multiple researchers.
5db34fe7e7adcdfc030cf05662a1514025c97b95bc660d4698e532b08ba58604
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed