exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2021-30640

Status Candidate

Overview

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

Related Files

Gentoo Linux Security Advisory 202208-34
Posted Aug 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-34 - Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Versions less than 8.5.82:8.5 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-25122, CVE-2021-25329, CVE-2021-30639, CVE-2021-30640, CVE-2021-33037, CVE-2021-42340, CVE-2022-34305
SHA-256 | 077be2b54802b552aa2444c9d86f7b9f2b66179442ffb4c75ef491cd837caab4
Red Hat Security Advisory 2022-1179-01
Posted Apr 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1179-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.5.10 serves as a replacement for Red Hat support for Spring Boot 2.4.9, and includes bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-20289, CVE-2021-30640, CVE-2021-33037, CVE-2021-3597, CVE-2021-3629, CVE-2021-3642, CVE-2021-3859, CVE-2021-41079, CVE-2021-42340
SHA-256 | 85b8d4f687468f2d182c49d4c89778120f0a1b9edb98b4a99798cd35870ff9fd
Red Hat Security Advisory 2021-4861-06
Posted Dec 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4861-06 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-30640, CVE-2021-33037, CVE-2021-42340
SHA-256 | 7dbd69f0e97fd21832d1b2e2ba993f10af54561063a247a7e25f83c53a04b080
Red Hat Security Advisory 2021-4863-06
Posted Dec 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4863-06 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-30640, CVE-2021-33037, CVE-2021-42340
SHA-256 | 58f5a47585e63d5de90a2072fe361e8c539c5a335cf05e959d27f16c183a5619
Debian Security Advisory 4984-1
Posted Oct 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4984-1 - Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-30640, CVE-2021-41079
SHA-256 | 6488b004ab2f9591ba5d76915b988b96c1d460fdc656175d210e224d5d780dca
Debian Security Advisory 4952-1
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4952-1 - Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2021-30640, CVE-2021-33037
SHA-256 | a979059d294f12b3682119262569f6b694fd38574412bff91d56a295359b1332
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close