Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Informations
Name HPSBUX02860 SSRT101146 First vendor Publication 2013-03-28
Vendor HP Last vendor Modification 2013-03-28
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03716627

CWE : Common Weakness Enumeration

% Id Name
21 % CWE-264 Permissions, Privileges, and Access Controls
21 % CWE-200 Information Exposure
16 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
11 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
11 % CWE-20 Improper Input Validation
5 % CWE-399 Resource Management Errors
5 % CWE-255 Credentials Management
5 % CWE-189 Numeric Errors (CWE/SANS Top 25)
5 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10231
 
Oval ID: oval:org.mitre.oval:def:10231
Title: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0033
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10422
 
Oval ID: oval:org.mitre.oval:def:10422
Title: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5515
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10716
 
Oval ID: oval:org.mitre.oval:def:10716
Title: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0783
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11041
 
Oval ID: oval:org.mitre.oval:def:11041
Title: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Description: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0781
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12517
 
Oval ID: oval:org.mitre.oval:def:12517
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12662
 
Oval ID: oval:org.mitre.oval:def:12662
Title: HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12745
 
Oval ID: oval:org.mitre.oval:def:12745
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12878
 
Oval ID: oval:org.mitre.oval:def:12878
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12879
 
Oval ID: oval:org.mitre.oval:def:12879
Title: DSA-2161-1 openjdk-6 -- denial of service
Description: It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
Family: unix Class: patch
Reference(s): DSA-2161-1
CVE-2010-4476
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12963
 
Oval ID: oval:org.mitre.oval:def:12963
Title: DSA-2207-1 tomcat5.5 -- several
Description: Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal
Family: unix Class: patch
Reference(s): DSA-2207-1
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783
CVE-2009-2693
CVE-2009-2902
CVE-2010-1157
CVE-2010-2227
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): tomcat5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12995
 
Oval ID: oval:org.mitre.oval:def:12995
Title: USN-899-1 -- tomcat6 vulnerabilities
Description: It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.
Family: unix Class: patch
Reference(s): USN-899-1
CVE-2009-2693
CVE-2009-2901
CVE-2009-2902
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13398
 
Oval ID: oval:org.mitre.oval:def:13398
Title: USN-976-1 -- tomcat6 vulnerability
Description: It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests.
Family: unix Class: patch
Reference(s): USN-976-1
CVE-2010-2227
Version: 5
Platform(s): Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13787
 
Oval ID: oval:org.mitre.oval:def:13787
Title: USN-788-1 -- tomcat6 vulnerabilities
Description: Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files
Family: unix Class: patch
Reference(s): USN-788-1
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 9.04
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13969
 
Oval ID: oval:org.mitre.oval:def:13969
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14328
 
Oval ID: oval:org.mitre.oval:def:14328
Title: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4476
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14573
 
Oval ID: oval:org.mitre.oval:def:14573
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2526
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14589
 
Oval ID: oval:org.mitre.oval:def:14589
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14743
 
Oval ID: oval:org.mitre.oval:def:14743
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2729
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14931
 
Oval ID: oval:org.mitre.oval:def:14931
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2204
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14933
 
Oval ID: oval:org.mitre.oval:def:14933
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3190
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14945
 
Oval ID: oval:org.mitre.oval:def:14945
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15018
 
Oval ID: oval:org.mitre.oval:def:15018
Title: USN-1359-1 -- Tomcat vulnerabilities
Description: tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1359-1
CVE-2011-3375
CVE-2011-4858
CVE-2012-0022
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
Product(s): Tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15171
 
Oval ID: oval:org.mitre.oval:def:15171
Title: USN-1298-1 -- Apache Commons Daemon vulnerability
Description: commons-daemon: wrapper to launch Java applications as daemons Apache Commons Daemon would allow unintended access to files over the network.
Family: unix Class: patch
Reference(s): USN-1298-1
CVE-2011-2729
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15309
 
Oval ID: oval:org.mitre.oval:def:15309
Title: DSA-2401-1 tomcat6 -- several
Description: Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written into a logfile. CVE-2011-2526 Missing input sanisiting in the HTTP APR or HTTP NIO connectors could lead to denial of service. CVE-2011-3190 AJP requests could be spoofed in some setups. CVE-2011-3375 Incorrect request caching could lead to information disclosure. CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests
Family: unix Class: patch
Reference(s): DSA-2401-1
CVE-2011-1184
CVE-2011-2204
CVE-2011-2526
CVE-2011-3190
CVE-2011-3375
CVE-2011-4858
CVE-2011-5062
CVE-2011-5063
CVE-2011-5064
CVE-2012-0022
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15435
 
Oval ID: oval:org.mitre.oval:def:15435
Title: USN-1252-1 -- Tomcat vulnerabilities
Description: tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information over the network.
Family: unix Class: patch
Reference(s): USN-1252-1
CVE-2011-1184
CVE-2011-2204
CVE-2011-2526
CVE-2011-3190
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
Product(s): Tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16925
 
Oval ID: oval:org.mitre.oval:def:16925
Title: Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0. Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0022
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Oracle GoldenGate Director
Oracle GoldenGate Veridata
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18532
 
Oval ID: oval:org.mitre.oval:def:18532
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Family: unix Class: vulnerability
Reference(s): CVE-2010-2227
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18886
 
Oval ID: oval:org.mitre.oval:def:18886
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Family: unix Class: vulnerability
Reference(s): CVE-2011-4858
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18913
 
Oval ID: oval:org.mitre.oval:def:18913
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0783
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18915
 
Oval ID: oval:org.mitre.oval:def:18915
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0580
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18934
 
Oval ID: oval:org.mitre.oval:def:18934
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0022
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19110
 
Oval ID: oval:org.mitre.oval:def:19110
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0033
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19169
 
Oval ID: oval:org.mitre.oval:def:19169
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1184
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19269
 
Oval ID: oval:org.mitre.oval:def:19269
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0013
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19322
 
Oval ID: oval:org.mitre.oval:def:19322
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5885
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19345
 
Oval ID: oval:org.mitre.oval:def:19345
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0781
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19355
 
Oval ID: oval:org.mitre.oval:def:19355
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2693
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19379
 
Oval ID: oval:org.mitre.oval:def:19379
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3718
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19414
 
Oval ID: oval:org.mitre.oval:def:19414
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19431
 
Oval ID: oval:org.mitre.oval:def:19431
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2902
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19432
 
Oval ID: oval:org.mitre.oval:def:19432
Title: HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
Description: The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5885
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19450
 
Oval ID: oval:org.mitre.oval:def:19450
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2729
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19452
 
Oval ID: oval:org.mitre.oval:def:19452
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5515
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19465
 
Oval ID: oval:org.mitre.oval:def:19465
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3190
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19492
 
Oval ID: oval:org.mitre.oval:def:19492
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1157
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19493
 
Oval ID: oval:org.mitre.oval:def:19493
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19514
 
Oval ID: oval:org.mitre.oval:def:19514
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2526
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19532
 
Oval ID: oval:org.mitre.oval:def:19532
Title: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2204
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19631
 
Oval ID: oval:org.mitre.oval:def:19631
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2902
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19852
 
Oval ID: oval:org.mitre.oval:def:19852
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1157
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20415
 
Oval ID: oval:org.mitre.oval:def:20415
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20429
 
Oval ID: oval:org.mitre.oval:def:20429
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2693
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20494
 
Oval ID: oval:org.mitre.oval:def:20494
Title: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0022
Version: 5
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20555
 
Oval ID: oval:org.mitre.oval:def:20555
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Family: unix Class: vulnerability
Reference(s): CVE-2010-2227
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20649
 
Oval ID: oval:org.mitre.oval:def:20649
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4476
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20657
 
Oval ID: oval:org.mitre.oval:def:20657
Title: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
Description: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3190
Version: 5
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21273
 
Oval ID: oval:org.mitre.oval:def:21273
Title: RHSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0290-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21312
 
Oval ID: oval:org.mitre.oval:def:21312
Title: RHSA-2012:0475: tomcat6 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): RHSA-2012:0475-03
CESA-2012:0475
CVE-2011-4858
CVE-2012-0022
Version: 29
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21412
 
Oval ID: oval:org.mitre.oval:def:21412
Title: RHSA-2012:0474: tomcat5 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): RHSA-2012:0474-03
CESA-2012:0474
CVE-2011-4858
CVE-2012-0022
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21420
 
Oval ID: oval:org.mitre.oval:def:21420
Title: RHSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0336-01
CESA-2011:0336
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21713
 
Oval ID: oval:org.mitre.oval:def:21713
Title: RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0214-01
CVE-2010-4476
CESA-2011:0214-CentOS 5
Version: 6
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21809
 
Oval ID: oval:org.mitre.oval:def:21809
Title: RHSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0291-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21859
 
Oval ID: oval:org.mitre.oval:def:21859
Title: RHSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 250
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21907
 
Oval ID: oval:org.mitre.oval:def:21907
Title: RHSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): RHSA-2011:0292-01
CVE-2010-4476
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21956
 
Oval ID: oval:org.mitre.oval:def:21956
Title: RHSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: patch
Reference(s): RHSA-2011:0791-01
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 42
Platform(s): Red Hat Enterprise Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22107
 
Oval ID: oval:org.mitre.oval:def:22107
Title: RHSA-2010:0580: tomcat5 security update (Important)
Description: Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Family: unix Class: patch
Reference(s): RHSA-2010:0580-01
CESA-2010:0580
CVE-2009-2693
CVE-2009-2696
CVE-2009-2902
CVE-2010-2227
Version: 55
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22673
 
Oval ID: oval:org.mitre.oval:def:22673
Title: DEPRECATED: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 82
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22721
 
Oval ID: oval:org.mitre.oval:def:22721
Title: ELSA-2009:1164: tomcat security update (Important)
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family: unix Class: patch
Reference(s): ELSA-2009:1164-01
CVE-2007-5333
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783
Version: 29
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22826
 
Oval ID: oval:org.mitre.oval:def:22826
Title: ELSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0292-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22836
 
Oval ID: oval:org.mitre.oval:def:22836
Title: DEPRECATED: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22908
 
Oval ID: oval:org.mitre.oval:def:22908
Title: DEPRECATED: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22977
 
Oval ID: oval:org.mitre.oval:def:22977
Title: ELSA-2011:0336: tomcat5 security update (Important)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0336-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23078
 
Oval ID: oval:org.mitre.oval:def:23078
Title: ELSA-2010:0580: tomcat5 security update (Important)
Description: Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Family: unix Class: patch
Reference(s): ELSA-2010:0580-01
CVE-2009-2693
CVE-2009-2696
CVE-2009-2902
CVE-2010-2227
Version: 21
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23319
 
Oval ID: oval:org.mitre.oval:def:23319
Title: ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0214-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23331
 
Oval ID: oval:org.mitre.oval:def:23331
Title: ELSA-2012:0474: tomcat5 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): ELSA-2012:0474-03
CVE-2011-4858
CVE-2012-0022
Version: 13
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23406
 
Oval ID: oval:org.mitre.oval:def:23406
Title: ELSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0290-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23523
 
Oval ID: oval:org.mitre.oval:def:23523
Title: ELSA-2011:0791: tomcat6 security and bug fix update (Moderate)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Family: unix Class: patch
Reference(s): ELSA-2011:0791-01
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 17
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23595
 
Oval ID: oval:org.mitre.oval:def:23595
Title: ELSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0291-01
CVE-2010-4476
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23615
 
Oval ID: oval:org.mitre.oval:def:23615
Title: ELSA-2011:0282: java-1.6.0-sun security update (Critical)
Description: The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Family: unix Class: patch
Reference(s): ELSA-2011:0282-01
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
Version: 81
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23745
 
Oval ID: oval:org.mitre.oval:def:23745
Title: ELSA-2012:0475: tomcat6 security update (Moderate)
Description: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Family: unix Class: patch
Reference(s): ELSA-2012:0475-03
CVE-2011-4858
CVE-2012-0022
Version: 13
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25819
 
Oval ID: oval:org.mitre.oval:def:25819
Title: SUSE-SU-2013:1374-1 -- Security update for tomcat6
Description: This update of tomcat6 fixes: * apache-tomcat-CVE-2012-3544.patch (bnc#831119) * use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) * Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 <http://youtrack.jetbrains.com/issue/JT-18545> ) bnc#804992 (patch from m407) * fix a typo in initscript (bnc#768772 ) * copy all shell scripts (bnc#818948)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1374-1
CVE-2012-3544
CVE-2013-1976
CVE-2012-0022
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27313
 
Oval ID: oval:org.mitre.oval:def:27313
Title: DEPRECATED: ELSA-2012-0474 -- tomcat5 security update (moderate)
Description: [0:5.5.23-0jpp.31] - Resolves: CVE-2012 regression. Changed patch file. [0:5.5.23-0jpp.30] - Resolves: CVE-2012-0022, CVE-2011-4858 [0:5.5.23-0jpp.27] - Resolves CVE-2011-0013 rhbz 675933 - Resolves CVE-2011-3718 rhbz 675933 [0:5.5.23-0jpp.23] - Resolves CVE-2011-1184 rhbz 744984 - Resolves CVE-2011-2204 rhbz 719188
Family: unix Class: patch
Reference(s): ELSA-2012-0474
CVE-2011-4858
CVE-2012-0022
Version: 4
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27374
 
Oval ID: oval:org.mitre.oval:def:27374
Title: DEPRECATED: ELSA-2012-0475 -- tomcat6 security update (moderate)
Description: [0:6.0.24-36] - Resolves: CVE-2012-0022 regression. Changes made to patch file.
Family: unix Class: patch
Reference(s): ELSA-2012-0475
CVE-2011-4858
CVE-2012-0022
Version: 4
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27948
 
Oval ID: oval:org.mitre.oval:def:27948
Title: DEPRECATED: ELSA-2011-0336 -- tomcat5 security update (important)
Description: [0:5.5.23-0jpp.17] - Resolves: rhbz 674599 JDK Double.parseDouble DoS
Family: unix Class: patch
Reference(s): ELSA-2011-0336
CVE-2010-4476
Version: 4
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27956
 
Oval ID: oval:org.mitre.oval:def:27956
Title: DEPRECATED: ELSA-2010-0580 -- tomcat5 security update (important)
Description: [0:5.5.23-0jpp.9] - Resolves: rhbz#619424 fixed servlet-api typo. serve4-api to servlet-api - RHSA-2010:9748 [0:5.5.23-0jpp.8] - Patches backported from RHEL-5 tomcat5-5.5.23-0jpp.10.el5 - Updated init script for LSB compliance, catalina.log permissions - Resolves: CVE-2009-2693, CVE-2009-2902, CVE-2010-2227 - CVE_2010-0781
Family: unix Class: patch
Reference(s): ELSA-2010-0580
CVE-2009-2693
CVE-2009-2696
CVE-2009-2902
CVE-2010-2227
Version: 4
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28054
 
Oval ID: oval:org.mitre.oval:def:28054
Title: DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate)
Description: [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295
Family: unix Class: patch
Reference(s): ELSA-2011-0214
CVE-2010-4476
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28146
 
Oval ID: oval:org.mitre.oval:def:28146
Title: DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate)
Description: [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream
Family: unix Class: patch
Reference(s): ELSA-2011-0791
CVE-2010-3718
CVE-2010-4172
CVE-2011-0013
Version: 4
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29179
 
Oval ID: oval:org.mitre.oval:def:29179
Title: RHSA-2009:1164 -- tomcat security update (Important)
Description: Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Family: unix Class: patch
Reference(s): RHSA-2009:1164
CESA-2009:1164-CentOS 5
CVE-2007-5333
CVE-2008-5515
CVE-2009-0033
CVE-2009-0580
CVE-2009-0781
CVE-2009-0783
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5739
 
Oval ID: oval:org.mitre.oval:def:5739
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0033
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6445
 
Oval ID: oval:org.mitre.oval:def:6445
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5515
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6450
 
Oval ID: oval:org.mitre.oval:def:6450
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0783
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6564
 
Oval ID: oval:org.mitre.oval:def:6564
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0781
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6628
 
Oval ID: oval:org.mitre.oval:def:6628
Title: HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0580
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7017
 
Oval ID: oval:org.mitre.oval:def:7017
Title: HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2693
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7033
 
Oval ID: oval:org.mitre.oval:def:7033
Title: HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
Description: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3548
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7092
 
Oval ID: oval:org.mitre.oval:def:7092
Title: HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification
Description: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2902
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9101
 
Oval ID: oval:org.mitre.oval:def:9101
Title: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0580
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4
Application 213
Application 321
Application 356
Application 105

SAINT Exploits

Description Link
HP Performance Manager Apache Tomcat Policy Bypass More info here

ExploitDB Exploits

id Description
2012-01-03 PHP Hash Table Collision Proof Of Concept
2010-04-22 Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure...

OpenVAS Exploits

Date Description
2012-11-27 Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
File : nvt/gb_apache_tomcat_mult_sec_bypass_vuln_win.nasl
2012-11-23 Name : Ubuntu Update for tomcat6 USN-1637-1
File : nvt/gb_ubuntu_USN_1637_1.nasl
2012-08-14 Name : Fedora Update for tomcat6 FEDORA-2012-7593
File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
File : nvt/glsa_201206_24.nasl
2012-08-03 Name : Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2012_085.nasl
2012-08-02 Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)
File : nvt/gb_suse_2012_0208_1.nasl
2012-07-30 Name : CentOS Update for java CESA-2011:0214 centos5 x86_64
File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat6 CESA-2011:1780 centos6
File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for tomcat5 CESA-2012:0474 centos5
File : nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl
2012-07-30 Name : CentOS Update for tomcat6 CESA-2012:0475 centos6
File : nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl
2012-07-09 Name : RedHat Update for tomcat6 RHSA-2011:1780-01
File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl
2012-07-09 Name : RedHat Update for tomcat6 RHSA-2012:0475-01
File : nvt/gb_RHSA-2012_0475-01_tomcat6.nasl
2012-06-06 Name : RedHat Update for tomcat6 RHSA-2011:0335-01
File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl
2012-06-06 Name : RedHat Update for tomcat6 RHSA-2011:0791-01
File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl
2012-04-13 Name : RedHat Update for tomcat5 RHSA-2012:0474-01
File : nvt/gb_RHSA-2012_0474-01_tomcat5.nasl
2012-04-02 Name : Fedora Update for apache-commons-daemon FEDORA-2011-10880
File : nvt/gb_fedora_2011_10880_apache-commons-daemon_fc16.nasl
2012-04-02 Name : Fedora Update for tomcat6 FEDORA-2011-13426
File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-16 Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ...
File : nvt/gb_VMSA-2012-0005.nasl
2012-03-15 Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-21 Name : Ubuntu Update for tomcat6 USN-1359-1
File : nvt/gb_ubuntu_USN_1359_1.nasl
2012-02-12 Name : Debian Security Advisory DSA 2401-1 (tomcat6)
File : nvt/deb_2401_1.nasl
2012-02-12 Name : FreeBSD Ports: tomcat
File : nvt/freebsd_tomcat0.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201111_02.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2012-01-20 Name : Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
File : nvt/gb_apache_tomcat_parameter_handling_dos_vuln_win.nasl
2012-01-16 Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl
2012-01-12 Name : Apache Tomcat Hash Collision Denial Of Service Vulnerability
File : nvt/gb_apache_tomcat_hash_collision_dos_vuln_win.nasl
2011-12-23 Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386
File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl
2011-12-23 Name : RedHat Update for tomcat5 RHSA-2011:1845-01
File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl
2011-12-16 Name : Ubuntu Update for commons-daemon USN-1298-1
File : nvt/gb_ubuntu_USN_1298_1.nasl
2011-11-11 Name : Fedora Update for tomcat6 FEDORA-2011-15005
File : nvt/gb_fedora_2011_15005_tomcat6_fc15.nasl
2011-11-11 Name : Ubuntu Update for tomcat6 USN-1252-1
File : nvt/gb_ubuntu_USN_1252_1.nasl
2011-10-21 Name : Fedora Update for tomcat6 FEDORA-2011-13456
File : nvt/gb_fedora_2011_13456_tomcat6_fc15.nasl
2011-10-21 Name : Fedora Update for tomcat6 FEDORA-2011-13457
File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl
2011-10-21 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638
File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl
2011-10-21 Name : Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2011_156.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-09-09 Name : Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
File : nvt/gb_tomcat_48667.nasl
2011-09-08 Name : Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
File : nvt/gb_tomcat_48456.nasl
2011-09-08 Name : Apache Tomcat AJP Protocol Security Bypass Vulnerability
File : nvt/gb_tomcat_49353.nasl
2011-08-31 Name : Fedora Update for apache-commons-daemon FEDORA-2011-10936
File : nvt/gb_fedora_2011_10936_apache-commons-daemon_fc15.nasl
2011-08-29 Name : Java for Mac OS X 10.5 Update 9
File : nvt/secpod_macosx_java_10_5_upd_9.nasl
2011-08-29 Name : Java for Mac OS X 10.6 Update 4
File : nvt/secpod_macosx_java_10_6_upd_4.nasl
2011-08-17 Name : Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
File : nvt/gb_tomcat_49143.nasl
2011-08-12 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523
File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl
2011-08-09 Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386
File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl
2011-08-09 Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386
File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2011:0214 centos5 i386
File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386
File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003
File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl
2011-06-20 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020
File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl
2011-06-06 Name : HP-UX Update for Java HPSBUX02685
File : nvt/gb_hp_ux_HPSBUX02685.nasl
2011-05-12 Name : Debian Security Advisory DSA 2207-1 (tomcat5.5)
File : nvt/deb_2207_1.nasl
2011-05-05 Name : HP-UX Update for Apache Web Server HPSBUX02645
File : nvt/gb_hp_ux_HPSBUX02645.nasl
2011-04-01 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2011_054.nasl
2011-04-01 Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1
File : nvt/gb_ubuntu_USN_1097_1.nasl
2011-03-15 Name : RedHat Update for tomcat5 RHSA-2011:0336-01
File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl
2011-03-07 Name : Debian Security Advisory DSA 2160-1 (tomcat6)
File : nvt/deb_2160_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2161-1 (openjdk-6)
File : nvt/deb_2161_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2161-2 (openjdk-6)
File : nvt/deb_2161_2.nasl
2011-03-07 Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
File : nvt/gb_ubuntu_USN_1079_1.nasl
2011-03-05 Name : FreeBSD Ports: tomcat55
File : nvt/freebsd_tomcat55.nasl
2011-02-28 Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010
File : nvt/gb_suse_2011_010.nasl
2011-02-28 Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl
2011-02-22 Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2011_030.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631
File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl
2011-02-18 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645
File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl
2011-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231
File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl
2011-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263
File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl
2011-02-11 Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01
File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl
2011-01-04 Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
File : nvt/gb_hp_ux_HPSBUX02579.nasl
2010-12-02 Name : Fedora Update for tomcat6 FEDORA-2010-16528
File : nvt/gb_fedora_2010_16528_tomcat6_fc14.nasl
2010-11-16 Name : Fedora Update for tomcat6 FEDORA-2010-16248
File : nvt/gb_fedora_2010_16248_tomcat6_fc12.nasl
2010-11-16 Name : Fedora Update for tomcat6 FEDORA-2010-16270
File : nvt/gb_fedora_2010_16270_tomcat6_fc13.nasl
2010-09-14 Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2010_176.nasl
2010-09-14 Name : Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)
File : nvt/gb_mandriva_MDVSA_2010_177.nasl
2010-08-30 Name : Ubuntu Update for tomcat6 vulnerability USN-976-1
File : nvt/gb_ubuntu_USN_976_1.nasl
2010-08-06 Name : RedHat Update for tomcat5 RHSA-2010:0580-01
File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl
2010-07-13 Name : Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Servic...
File : nvt/gb_apache_tomcat_41544.nasl
2010-06-23 Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541
File : nvt/gb_hp_ux_HPSBUX02541.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-05-04 Name : FreeBSD Ports: tomcat
File : nvt/freebsd_tomcat.nasl
2010-04-29 Name : Apache Tomcat Security bypass vulnerability
File : nvt/secpod_apache_tomcat_sec_bypass_vuln.nasl
2010-04-23 Name : Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnera...
File : nvt/gb_apache_tomcat_39635.nasl
2010-02-15 Name : Ubuntu Update for tomcat6 vulnerabilities USN-899-1
File : nvt/gb_ubuntu_USN_899_1.nasl
2010-01-28 Name : Apache Tomcat Multiple Vulnerabilities January 2010
File : nvt/apache_tomcat_multiple_vulnerabilities_jan_10.nasl
2009-12-03 Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6)
File : nvt/fcore_2009_11352.nasl
2009-12-03 Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6)
File : nvt/fcore_2009_11356.nasl
2009-12-03 Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6)
File : nvt/fcore_2009_11374.nasl
2009-11-17 Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability
File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1562
File : nvt/RHSA_2009_1562.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1563
File : nvt/RHSA_2009_1563.nasl
2009-10-22 Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466
File : nvt/gb_hp_ux_HPSBUX02466.nasl
2009-10-13 Name : SLES10: Security update for Tomcat 5
File : nvt/sles10_tomcat52.nasl
2009-10-13 Name : SLES10: Security update for Websphere Community Edition
File : nvt/sles10_websphere-as_ce.nasl
2009-10-11 Name : SLES11: Security update for Websphere Community Edition
File : nvt/sles11_websphere-as_ce.nasl
2009-10-10 Name : SLES9: Security update for Tomcat
File : nvt/sles9p5055024.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:163 (tomcat5)
File : nvt/mdksa_2009_163.nasl
2009-08-17 Name : CentOS Security Advisory CESA-2009:1164 (tomcat)
File : nvt/ovcesa2009_1164.nasl
2009-08-17 Name : SuSE Security Summary SUSE-SR:2009:013
File : nvt/suse_sr_2009_013.nasl
2009-07-29 Name : RedHat Security Advisory RHSA-2009:1164
File : nvt/RHSA_2009_1164.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-30 Name : Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
File : nvt/mdksa_2009_136.nasl
2009-06-30 Name : Mandrake Security Advisory MDVSA-2009:138 (tomcat5)
File : nvt/mdksa_2009_138.nasl
2009-06-30 Name : Ubuntu USN-789-1 (gst-plugins-good0.10)
File : nvt/ubuntu_789_1.nasl
2009-06-23 Name : Ubuntu USN-788-1 (tomcat6)
File : nvt/ubuntu_788_1.nasl
2009-06-16 Name : Apache Tomcat Multiple Vulnerabilities June-09
File : nvt/gb_apache_tomcat_mult_vuln_jun09.nasl
2009-03-18 Name : Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
File : nvt/gb_apache_tomcat_xss_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78573 Apache Tomcat CPU Consumption Parameter Saturation Remote DoS

78483 Hitachi Cosminexus Multiple Product Hash Collission Form Parameter Parsing Re...

Multiple Hitachi Cosminexus products contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
78113 Apache Tomcat Hash Collission Form Parameter Parsing Remote DoS

Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
76189 Apache Tomcat HTTP DIGEST Authentication Weakness

74818 Apache Tomcat AJP Message Injection Authentication Bypass

Apache Tomcat contains a flaw related to the processing of certain requests. The issue is triggered when a remote attacker injects arbitrary AJP messages. This may disclose sensitive information to an attacker or allow them to bypass authentication.
74541 Apache Tomcat Commons Daemon Jsvc Permissions Weakness Arbitrary File Access

73798 Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS

73797 Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res...

73429 Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure

71558 Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi...

Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files.
71557 Apache Tomcat HTML Manager Multiple XSS

The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70965 Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ...

Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service.
66319 Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remo...

64023 Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure

62054 Apache Tomcat WAR Filename Traversal Work-directory File Deletion

Apache Tomcat contains a flaw that allows a remote attacker to traverse outside of a restricted path of the host's work directory. The issue is due to Apache Tomcat not properly sanitizing the contents of a WAR file before it is deployed, which could be exploited by a directory traversal sequence in the file name(s) to delete and possibly create malicious files in the host's work directory.
62052 Apache Tomcat WAR File Traversal Arbitrary File Overwrite

Apache Tomcat contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via file names of files contained in a WAR file. This directory traversal attack would allow the attacker to create or overwrite arbitrary files.
60176 Apache Tomcat Windows Installer Admin Default Password

55056 Apache Tomcat Cross-application TLD File Manipulation

55055 Apache Tomcat Illegally URL Encoded Password Request Username Enumeration

55054 Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade...

55053 Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access

52899 Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ...

Apache Tomcat Examples Web Application Calendar Application contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'time' parameter upon submission to the 'jsp/cal/cal2.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-11-21 IAVM : 2013-A-0219 - Multiple Vulnerabilities in Juniper Networks and Security Manager
Severity : Category I - VMSKEY : V0042384
2012-05-03 IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager
Severity : Category I - VMSKEY : V0032178
2011-12-15 IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0
Severity : Category I - VMSKEY : V0030824
2011-12-01 IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

Date Description
2014-01-10 Apache Tomcat Java AJP connector invalid header timeout denial of service att...
RuleID : 20613 - Revision : 2 - Type : SPECIFIC-THREATS
2014-01-10 Apache Tomcat Java AJP connector invalid header timeout DOS attempt
RuleID : 20612 - Revision : 10 - Type : SERVER-APACHE
2014-01-10 Java floating point number denial of service - via POST
RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10 Java floating point number denial of service - via URI
RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP
2014-01-10 Apache Tomcat username enumeration attempt
RuleID : 18096 - Revision : 7 - Type : SERVER-APACHE
2014-02-08 (http_inspect)webrootdirectorytraversal
RuleID : 18 - Revision : 2 - Type :
2014-01-10 HP Performance Manager Apache Tomcat policy bypass attempt
RuleID : 17156 - Revision : 8 - Type : SERVER-APACHE
2019-01-15 (http_inspect)directorytraversal
RuleID : 11 - Revision : 2 - Type :

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote VMware ESXi / ESX host is missing a security-related patch.
File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20120405.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140401.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0266.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-129.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-883.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-884.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-100719.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_tomcat6-120109.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_jakarta-commons-daemon-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-110815.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-120109.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_tomcat6-120207.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_2_r5.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-25.nasl - Type : ACT_GATHER_INFO
2013-08-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-130802.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2725.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0474.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0475.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0623.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0640.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0005.nasl - Type : ACT_GATHER_INFO
2013-03-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0647.nasl - Type : ACT_GATHER_INFO
2013-03-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0640.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0623.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0640.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130311_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130312_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0623.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0629.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-130107.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-8397.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1143.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1144.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1145.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1146.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0584.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-20151.nasl - Type : ACT_GATHER_INFO
2012-11-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1637-1.nasl - Type : ACT_GATHER_INFO
2012-11-21 Name : The remote Apache Tomcat server is affected by multiple security weaknesses.
File : tomcat_5_5_36.nasl - Type : ACT_GATHER_INFO
2012-11-21 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_36.nasl - Type : ACT_GATHER_INFO
2012-11-21 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_30.nasl - Type : ACT_GATHER_INFO
2012-11-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_152e4c7e2a2e11e299c700a0d181e71d.nasl - Type : ACT_GATHER_INFO
2012-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2012-7593.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090723_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100802_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111205_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120411_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120411_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2012-06-21 Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_9fp11.nasl - Type : ACT_GATHER_INFO
2012-06-15 Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO
2012-05-31 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-085.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO
2012-03-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1359-1.nasl - Type : ACT_GATHER_INFO
2012-02-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-120206.nasl - Type : ACT_GATHER_INFO
2012-02-06 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7933.nasl - Type : ACT_GATHER_INFO
2012-02-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2012-01-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7f5ccb1d439b11e1bc160023ae8e59f0.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote web server is affected by a denial of service vulnerability
File : tomcat_5_5_35.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote web server is affected by a denial of service vulnerability.
File : tomcat_7_0_23.nasl - Type : ACT_GATHER_INFO
2011-12-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7689.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7756.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1298-1.nasl - Type : ACT_GATHER_INFO
2011-12-12 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_35.nasl - Type : ACT_GATHER_INFO
2011-12-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote database server is affected by multiple denial of service vulnerab...
File : db2_97fp5.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15005.nasl - Type : ACT_GATHER_INFO
2011-11-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1252-1.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO
2011-10-28 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2011-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7755.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13456.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13426.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-156.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-09-26 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_5_5_34.nasl - Type : ACT_GATHER_INFO
2011-09-02 Name : The remote web server is affected by an authentication bypass vulnerability t...
File : tomcat_7_0_21.nasl - Type : ACT_GATHER_INFO
2011-09-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7688.nasl - Type : ACT_GATHER_INFO
2011-08-30 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_33.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10936.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10880.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote web server is affected by an information disclosure vulnerability.
File : tomcat_7_0_20.nasl - Type : ACT_GATHER_INFO
2011-08-03 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_7_0_19.nasl - Type : ACT_GATHER_INFO
2011-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12706.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_7_0_12.nasl - Type : ACT_GATHER_INFO
2011-03-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2207.nasl - Type : ACT_GATHER_INFO
2011-03-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO
2011-03-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO
2011-03-18 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12687.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12683.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_websphere-as_ce-090619.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12682.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO
2011-02-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO
2011-02-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO
2011-02-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO
2011-02-16 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO
2011-02-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote web server is affected by a cross-site scripting vulnerability.
File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote web server is affected by a cross-site scripting vulnerability.
File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote web server is affected by a security bypass vulnerability.
File : tomcat_7_0_4.nasl - Type : ACT_GATHER_INFO
2010-11-15 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16528.nasl - Type : ACT_GATHER_INFO
2010-11-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16248.nasl - Type : ACT_GATHER_INFO
2010-11-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16270.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-6839.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7099.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12625.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_tomcat6-100719.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_tomcat6-100719.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-177.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-976-1.nasl - Type : ACT_GATHER_INFO
2010-08-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_28.nasl - Type : ACT_GATHER_INFO
2010-08-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-08-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK
2010-05-28 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_form_user_enum.nasl - Type : ACT_GATHER_INFO
2010-04-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-7003.nasl - Type : ACT_GATHER_INFO
2010-04-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3383e7064fc311df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12585.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_tomcat6-100216.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_tomcat6-100211.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_tomcat6-100210.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote SuSE system is missing the security patch tomcat5-6841
File : suse_tomcat5-6841.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-02-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-899-1.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The web server running on the remote host is affected by multiple vulnerabili...
File : tomcat_war_deploy_multiple_vulnerabilities.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1616.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1617.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11352.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11356.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11374.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_tomcat55-6369.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12460.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_websphere-as_ce-090620.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-6352.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_websphere-as_ce-6312.nasl - Type : ACT_GATHER_INFO
2009-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_tomcat6-090613.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_tomcat6-090613.nasl - Type : ACT_GATHER_INFO
2009-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO
2009-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-138.nasl - Type : ACT_GATHER_INFO
2009-06-22 Name : The web server running on the remote host is affected by an information discl...
File : tomcat_xml_parser.nasl - Type : ACT_GATHER_INFO
2009-06-18 Name : The remote web server is affected by a directory traversal vulnerability.
File : tomcat_requestdispatcher_dir_traversal.nasl - Type : ACT_GATHER_INFO
2009-06-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-788-1.nasl - Type : ACT_GATHER_INFO
2009-03-09 Name : The remote web server contains a JSP application that is affected by a cross-...
File : tomcat_sample_cal2_xss2.nasl - Type : ACT_ATTACK
2008-11-26 Name : The management console for the remote web server is protected using a known s...
File : tomcat_manager_common_creds.nasl - Type : ACT_ATTACK

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-04-02 00:17:23
  • First insertion