A malicious sftp server may force a client-side relative path traversal in jsch's implementation for recursive sftp-get, allowing the server to write files outside the client's download basedir with the effective permissions of the jsch sftp client process. Versions 0.1.53 and below are affected.
48b4baae72e4661c4b353acd11d8fe15
Tomcat versions 7.0.0 through 7.0.16, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. When using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.
49d91e02ee8dc19d984eae0669deeb5f
PHP socket connect() stack buffer overflow proof of concept code.
fddfcef57c1ae3d3317eb501f29dab53
An error in the fixes for CVE-2011-1088 and CVE-2011-1183 for Apache Tomcat versions 7.0.12 and 7.0.13 meant that security constraints configured via annotations were ignored on the first request to a Servlet. Subsequent requests were secured correctly.
51fff8d6f9d21c8fb4ac968c9a5a2e51
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
d49e7322703045d32e741ed172be5e69
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
ac94c661c820a3a60fc4be28c23a5cc0
Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.
085e762a7d40dcfa9a273b6855555f99
A regression in the Apache Tomcat version 7.0.11 fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete.
0980425b255a7636cac825013b841b85
Apache Tomcat suffers from a security constraint bypass vulnerability. When a web application was started, @ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. Versions 7.0.0 through 7.0.10 are affected.
3e29d8f14872b74458314b7472e8c8ae
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or JavaScript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.
5c36aceb17edc3187785dac6f101face
Apache Continuum versions 1.3.6 and 1.4.0 Beta suffer from a cross site request forgery vulnerability. Earlier unsupported versions are also vulnerable.
2bd9d355e5cecdbba70d5b3f29382f8d
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or JavaScript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected, along with older, unsupported revisions.
09e317e35e26263a626c5d31513d7a74
Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger a DoS via an OutOfMemoryError. Versions 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 are affected.
cf333be8a534d8e8100eaef2213d881e
Apache Tomcat suffers from a local bypass of Security Manager file permissions. Versions from 7.0.0, 6.0.0 and 5.5.0 are affected.
107b271fcf16f33e14987e888121d6d1
Apache CouchDB versions 0.8.0 through 1.0.1 suffer from a cross site scripting vulnerability.
d0d3d927bcc86a3954a1f823c24627bf
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
1d52797e80a5c7ec547f421f3d9f0209
The session list screen (provided by sessionList.jsp) in affected versions of Apache Tomcat Manager uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Versions 7.0.0 through 7.0.4 and 6.0.12 through 6.0.29 are affected.
315a8036e67802e9c0704e15dd03fd12
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
f065dac607eb7ef7f7554bc74ad09efb
Linux kernel versions prior to 2.6.36-rc6 pktcdvd kernel memory disclosure exploit.
bd262a32a99c96cc365a054ad47cdf65
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
0e7c5d0504b2ddc2e069ee1d3e0b7edd
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
d6c5e5538ebcc6e87a24a1ff70d38942
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
83ec8494760832e1e391601aa0a612e7
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
1de655f957214c0c9da92df1fadce655
Apache CouchDB versions prior to version 0.11.1 are vulnerable to cross site request forgery (CSRF) attacks. A malicious website can POST arbitrary JavaScript code to well known CouchDB installation URLs (like http://localhost:5984/) and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface Futon.
65d8869788216e6c830f5184962e2e09
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
10d25a36b8ae26465de794551a8fd3c8
Apache Tomcat suffers from denial of service and information disclosure vulnerabilities. Versions 5.5.0 through 5.5.29, 6.0.0 through 6.0.27 and 7.0.0 are affected.
c6c324200350deaf9fdba926a4f1be01