CVSS: 5.8EPSS: 0%CPEs: 39EXPL: 0CVE-2011-2729 – jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser
https://notcve.org/view.php?id=CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. native/unix/native/jsvc-unix.c en jsvc en el componente Daemon v1.0.3 hasta v1.0.6 en Apache Commons, usado en Apache Tomcat v5.5.32 hasta v5.5.33, v6.0.30 hasta v6.0.32, y v7.0.x anterior a v7.0.20 en LinuxApache Commons, no elimina permisos, lo que permite a atacantes remotos evitar permisos de lectura para ficheros a través de una petición en una aplicación. • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108%40apache.org%3E http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306%40apache.org%3E http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w= • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 80EXPL: 0CVE-2011-2526 – tomcat: security manager restrictions bypass
https://notcve.org/view.php?id=CVE-2011-2526
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. Apache Tomcat v5.5.x anterior a v5.5.34, v6.x anterior a v6.0.33, y v7.x anterior a v7.0.19, cuando sendfile está habilitado para el conector HTTP APR o HTTP NIO, no valida ciertos atributos en la solicitud, permitiendo a usuarios locales eludir las restricciones de acceso a archivos o causar una denegación de servicio (bucle infinito o caída de JVM) mediante el aprovechamiento de una aplicación web no confiable. • http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://osvdb.org/73797 http://osvdb.org/73798 http://rhn.redhat.com/errata/RHSA-2012-0074.html http://rhn.redhat.com/errata/RHSA-2012-0075.html http://rhn.redhat.com/errata/RHSA-2012-0076.html http://rhn.redhat.com/errata/RHSA-2012-0077.html http: • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 79EXPL: 0CVE-2011-2204 – tomcat: password disclosure vulnerability
https://notcve.org/view.php?id=CVE-2011-2204
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat v5.5.x antes de v5.5.34, v6.0.33 antes de v6.x, v7.x antes de v7.0.17, cuando el MemoryUserDatabase se utiliza, crea entradas del registro que contienen las contraseñas al encontrar errores en la creación de usuarios JMX, lo que permite a usuarios locales obtener información sensible mediante la lectura de un archivo de registro. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/44981 http://secunia.com/advisories/48308 http://secunia.com/advisories/57126 http://securitytracker.com/id? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 65EXPL: 1CVE-2011-0013 – tomcat: XSS vulnerability in HTML Manager interface
https://notcve.org/view.php?id=CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la interfaz de HTML Manager en Apache Software Foundation Tomcat v7.0 antes de v7.0.6, v5.5 antes de v5.5.32 y v6.0 antes de v6.0.30 permiten a atacantes remotos inyectar secuencias de comandos web o HTML, como se demuestra a través de una etiqueta display-name. Apache Tomcat Manager suffers from a cross site scripting vulnerability. Versions 7.0.0 through 7.0.5, 6.0.0 through 6.0.29, and 5.5.0 through 5.5.31 are affected. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://marc.info/?l=bugtraq&m=130168502603566&w=2 http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/43192 http://secunia.com/advisories/45022 http://secunia.com/advisories/57126 http://s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 34EXPL: 0CVE-2011-0534 – tomcat: remote DoS via NIO connector
https://notcve.org/view.php?id=CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. Apache Tomcat v7.0.0 hasta v7.0.6 y v6.0.0 hasta v6.0.30 no hace cumplir el límite maxHttpHeaderSize de las solicitudes relacionadas con el conector NIO HTTP, que permite a atacantes remotos provocar una denegación de servicio (OutOfMemoryError) a través de una solicitud manipulada. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://osvdb.org/70809 http://secunia.com/advisories/43192 http://secunia.com/advisories/45022 http://secunia.com/advisories/57126 http://securityreason.com/securityalert/8074 http://support.apple.com/kb/HT5002 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098 • CWE-399: Resource Management Errors •