Page 11 of 57 results (0.020 seconds)

CVSS: 2.6EPSS: 0%CPEs: 43EXPL: 0

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. La configuración de cifrado SSL por defecto en Apache Tomcat 4.1.28 hasta 4.1.31, 5.0.0 hasta 5.0.30, y 5.5.0 hasta 5.5.17 utiliza determinadas claves inseguras, incluyendo la clave anónima, lo cual permite a atacantes remotos obtener información sensible o tener otros impactos no especificados. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html http://marc.info/?l=bugtraq&m=133114899904925&w=2 http://osvdb.org/34882 http://secunia.com/advisories/29392 http://secunia.com/advisories/33668 http://secunia.com/advisories/44183 http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.ap •

CVSS: 4.3EPSS: 1%CPEs: 37EXPL: 0

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en implicit-objects.jsp del Apache Tomcat 5.0.0 hasta el 5.0.30 y el 5.5.0 hasta la 5.5.17 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de ciertos valores en la cabecera. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.vmware.com/pipermail/security-announce/2008/000003.html http://secunia.com/advisories/28365 http://secunia.com/advisories/33668 http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-5.html http://www.redhat.com/support/errata/RHSA-2007-0327.html http://www.redhat.com/support/errata • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 95%CPEs: 54EXPL: 1

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el ejemplo de aplicación de calendario en Apache Tomcat versión 4.0.0 hasta 4.0.6, versión 4.1.0 hasta 4.1.31, versión 5.0.0 hasta 5.0.30 y versión 5.5.0 hasta 5.5.15 permite a atacantes remotos inyectar script web o HTML arbitrarias por medio del parámetro time hacia el archivo cal2.jsp y posiblemente otros vectores no especificados. NOTA: esto puede estar relacionado con CVE-2006-0254.1. • https://www.exploit-db.com/exploits/30563 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://osvdb.org/34888 http://secunia.com/advisories/29242 http://secunia.com/advisories/33668 http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-4.html http://tomcat.apache • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 97%CPEs: 3EXPL: 1

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. Vulnerabilidad de salto de directorio en Apache HTTP Server y Tomcat 5.x anterior a 5.5.22 y 6.x anterior a 6.0.10, al usar ciertos módulos de proxy (mod_proxy, mod_rewrite, mod_jk), permite a atacantes remotos leer ficheros de su elección mediante una secuencia .. (punto punto) con combinaciones de caracteres (1) "/" (barra), (2) "\" (barra invertida), y (3) barra invertida con codificación de URL (%5C), los cuales son separadores válidos en Tomcat pero no en Apache. • https://www.exploit-db.com/exploits/29739 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.vmware.com/pipermail/security-announce/2008/000003.html http://secunia.com/advisories/24732 http://secunia.com/advisories/25106 http://secunia.com/adv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 87%CPEs: 5EXPL: 3

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. Apache Tomcat 5 anterior a 5.5.17 permite a atacantes remotos listar directorios a través de un punto y coma (;) precedido de un nombre de archivo con una extensión mapeada, como se demostró con las URLs finalizadas con /;index.jsp y /;help.do. ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities. • https://www.exploit-db.com/exploits/28254 http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/25212 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://secunia.com/advisories/33668 http://secunia.com/advisories/37297 http://securitytracker.com/id?1016576 http:/ •