
Files

Apache Tomcat Information Disclosure And Availability
Posted Jul 16, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 7.0.0 through 7.0.18, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request attributes were not validated.

tags | advisory, web, info disclosure
advisories | CVE-2011-2526
SHA-256 | 74bcc8fd613635840905f130972f0216bb8281906fd6fe8ef93ea6151da404a8

Related Files

Secunia Security Advisory 45784
Posted Sep 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for tomcat5. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions or cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, suse
SHA-256 | 725835f0b8200baa1c5ff6520e1ccd5edc757350074ac89114435b2ae35db398
Secunia Security Advisory 45828
Posted Sep 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for tomcat6. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions or cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, suse
SHA-256 | e6adcad66151c9abb43254084d704ac68d444dede12d3b4db61c0ceecaeb652b
Secunia Security Advisory 45748
Posted Aug 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.

tags | advisory
SHA-256 | 1647031376a460470a3fb43fc11dc01cf34c8685cd134665e48615040fc33a9b
Apache Tomcat Authentication Bypass / Information Disclosure
Posted Aug 30, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, and 5.5.0 through 5.5.33 suffer from authentication bypass and information disclosure vulnerabilities.

tags | advisory, vulnerability, bypass, info disclosure
advisories | CVE-2011-3190
SHA-256 | 2ee8b9f61192ed9b6c238b4866e0eb6474b9a65b0900eb574304072c40570300
Secunia Security Advisory 45597
Posted Aug 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious users to disclose sensitive information or manipulate certain data.

tags | advisory
SHA-256 | 3300b2a72d67e49d0dc8033e0d4ea47f06c658f349bf2598978f50222cb0a1bd
Secunia Security Advisory 45641
Posted Aug 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Apache Tomcat, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
SHA-256 | 8ce65ce527feeb72d78afd36fa1ba66a60db8c9f84546c1364dc678a1dfbec0f
Apache Tomcat 7.0.0 Through 7.0.16 Information Disclosure
Posted Aug 13, 2011
Authored by Mark Thomas | Site tomcat.apache.org

The re-factoring of XML validation for Tomcat 7.0.x re-introduced the vulnerability previously reported as CVE-2009-0783. This was initially reported as a memory leak. If a web application is the first web application loaded, this bug allows that web application to potentially view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance.

tags | advisory, web, memory leak
advisories | CVE-2011-2481
SHA-256 | 54747af0d523a8fd91e9e58fe9cb74c0f778712fbe3279249f9ed12c6a6e8cbd
Commons Daemon Fails To Drop Capabilities
Posted Aug 12, 2011
Authored by Mark Thomas, Wilfried Weissmann | Site tomcat.apache.org

Due to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities, allowing the application to access files and directories owned by the superuser. Tomcat versions 7.0.0 to 7.0.19, 6.0.30 to 6.0.32, and 5.5.32 to 5.5.33 are affected.

tags | advisory
systems | linux
advisories | CVE-2011-2729
SHA-256 | 5e5ee821c342e72c13dbf3604b54d2d2c8e9ea11f60cb87dd9f1177cc2886a15
Secunia Security Advisory 45232
Posted Jul 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | ec8be9fad1a42c75766431de556bde958bcc7b1df0eb947bc27ced7dc317a221
Apache Tomcat Information Disclosure
Posted Jun 28, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat versions 7.0.0 through 7.0.16, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. When using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.

tags | advisory, info disclosure
advisories | CVE-2011-2204
SHA-256 | 7a80993fa95b9f47eee4ae0503000895c8bbabe47be709a7b2c40ebbd2b0a13b
Secunia Security Advisory 44981
Posted Jun 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Apache Tomcat, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
SHA-256 | 04e7f482da073877a27dd879f905c63d8c30b351f5b9ef850c162b652f3ee9d2
Secunia Security Advisory 44653
Posted May 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.

tags | advisory, local, vulnerability, xss
systems | linux, redhat
SHA-256 | 403bcdd3f22a1333e72370771c99d1b708cadda15791b2b1b640c36371d2c618
Secunia Security Advisory 44612
Posted May 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | e80bc45344a11a55b1e887a732dfc00a1ee8d88c01036c00435e9d5de8a6b1dc
Apache Tomcat Security Constraint Bypass
Posted May 18, 2011
Authored by Mark Thomas | Site tomcat.apache.org

An error in the fixes for CVE-2011-1088 and CVE-2011-1183 for Apache Tomcat versions 7.0.12 and 7.0.13 meant that security constraints configured via annotations were ignored on the first request to a Servlet. Subsequent requests were secured correctly.

tags | advisory
advisories | CVE-2011-1582
SHA-256 | 5efbd3f498ede2bda6b9290b7f562b7c49af656ee28cd64954d0fd3af57a0e89
Apache Tomcat 7.0.11 Information Disclosure
Posted Apr 6, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.

tags | advisory, web
advisories | CVE-2011-1475
SHA-256 | 501487f42ce2fb5f3296da2502f12843f17bb597d28ef9115797ae26e604495d
Apache Tomcat 7.0.11 Security Constraint Bypass
Posted Apr 6, 2011
Authored by Mark Thomas | Site tomcat.apache.org

A regression in the Apache Tomcat version 7.0.11 fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete.

tags | advisory, web
advisories | CVE-2011-1183
SHA-256 | f6b2b096dcc36a205b8bfec2257398759e64fec7afb1afb2949dc551b477a0f8
HP Security Bulletin HPSBUX02645 SSRT100387
Posted Apr 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02645 SSRT100387 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to disclose information, allow cross-site scripting (XSS), or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
SHA-256 | 7dbe07b505311e3b0fd76cccc4c6f626897f6c143d90407adb967195b67fd761
Secunia Security Advisory 43888
Posted Mar 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability, xss
systems | linux, ubuntu
SHA-256 | b67d24f01a679ff2f0d476c508d2ec133aa3e35ca21d9426e9b66d7ab9957aa4
Secunia Security Advisory 43863
Posted Mar 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for tomcat5.5. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious users to disclose sensitive information and manipulate certain data and by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | b32785b886596f1ca523adfff672fc6f0ad0fc484d2f2a38f71688f417ea5180
Debian Security Advisory 2207-1
Posted Mar 30, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2207-1 - Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal.

tags | advisory, denial of service, vulnerability, xss, info disclosure
systems | linux, debian
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227
SHA-256 | 5c4dd5ef21c9a6c2c4831755da943d32c7912b393cfbacd027bf90286862032f
Ubuntu Security Notice USN-1097-1
Posted Mar 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1097-1 - It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service.

tags | advisory, remote, denial of service, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2010-3718, CVE-2011-0013, CVE-2011-0534
SHA-256 | affa18051becc121040b13af705845364918ff2478b4a20b6a34eadba75cede8
Secunia Security Advisory 43546
Posted Mar 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability, xss
systems | linux, suse
SHA-256 | 6376172b2996ac84b4a0c6c03e4cfe91602744d9d05a1924c2c1901a0f29dea5
Apache Tomcat Security Constraint Bypass
Posted Mar 16, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from a security constraint bypass vulnerability. When a web application was started, @ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. Versions 7.0.0 through 7.0.10 are affected.

tags | advisory, web, bypass
advisories | CVE-2011-1088
SHA-256 | 8a459ba580bcdf3eabe89c5db1e97f2e14dcd5d7d4fae110537f27c2bec83699
Secunia Security Advisory 43731
Posted Mar 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for tomcat5 and tomcat6. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | c69916d0ba09d11f08bb37cd60782d5b1e6be7aaf7ea82b0f648f29fa3f283ff
Secunia Security Advisory 43694
Posted Mar 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for tomcat5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | cb0ce35ccd72c641a14fe51855c304a5a5c9270c686cbe3ed976a649f450f030