Page 115 of 1430 results (0.024 seconds)

CVSS: 8.8EPSS: 0%CPEs: 74EXPL: 0

CVE-2015-5351 – tomcat: CSRF token leak

https://notcve.org/view.php?id=CVE-2015-5351

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. Las aplicaciones (1) Manager y (2) Host Manager en Apache Tomcat 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.31 y 9.x en versiones anteriores a 9.0.0.M2 establecen sesiones y envían tokens CSRF para peticiones nuevas arbitrarias, lo que permite a atacantes remotos eludir un mecanismo de protección CSRF mediante el uso de un token. A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2599.html http://rhn.redhat.com/errata/RHSA-2016-2807.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0

CVE-2016-0706 – tomcat: security manager bypass via StatusManagerServlet

https://notcve.org/view.php?id=CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.31 y 9.x en versiones anteriores a 9.0.0.M2 no sitúa org.apache.catalina.manager.StatusManagerServlet en la lista org/apache/catalina/core/RestrictedServlets.properties, lo que permite a usuarios remotos autenticados eludir las restricciones de SecurityManager previstas y leer peticiones HTTP arbitrarias, y consecuentemente descubrir valores de ID de sesión, a través de una aplicación web manipulada. It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •

CVSS: 8.1EPSS: 0%CPEs: 72EXPL: 0

CVE-2015-5346 – tomcat: Session fixation

https://notcve.org/view.php?id=CVE-2015-5346

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. Vulnerabilidad de fijación de sesión en Apache Tomcat 7.x en versiones anteriores a 7.0.66, 8.x en versiones anteriores a 8.0.30 y 9.x en versiones anteriores a 9.0.0.M2, cuando se utilizan configuraciones de sesión diferentes para despliegues de múltiples versiones de la misma aplicación web, podría permitir a atacantes remotos secuestrar sesiones web aprovechando el uso de un campo requestedSessionSSL para una petición no intencionada, relacionado con CoyoteAdapter.java y Request.java. A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://rhn.redhat.com/errata/RHSA-2016-2807.html http://rhn.redhat.com/errata/RHSA-2016-2 •

CVSS: 8.8EPSS: 0%CPEs: 104EXPL: 0

CVE-2016-0714 – tomcat: Security Manager bypass via persistence mechanisms

https://notcve.org/view.php?id=CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. La implementación de persistencia de sesión en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.31 y 9.x en versiones anteriores a 9.0.0.M2 no maneja correctamente atributos de sesión, lo que permite a usuarios remotos autenticados eludir las restricciones de SecurityManager previstas y ejecutar código arbitrario en un contexto privilegiado a través de una aplicación web que sitúa un objeto manipulado en una sesión. It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-264: Permissions, Privileges, and Access Controls CWE-290: Authentication Bypass by Spoofing •

CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 0

CVE-2016-0794 – libreoffice: Multiple out-of-bounds overflows in lwp filter

https://notcve.org/view.php?id=CVE-2016-0794

The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. El filtro lwp en LibreOffice en versiones anteriores a 5.0.4 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un documento LotusWordPro (lwp) manipulado. Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00110.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-2579.html http://www.debian.org/security/2016/dsa-3482 http://www.securitytracker.com/id/1035022 http://www.ubuntu.com/usn/USN-2899-1 https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794 https://www.verisign.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •