
CVSS: 4.3 | EPSS: 91% | CPEs: 191 | EXPL: 0

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests.

• http://advisories.mageia.org/MGASA-2014-0148.html
• http://marc.info/?l=bugtraq&m=144498216801440&w=2
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://secunia.com/advisories/59036
• http://secunia.com/advisories/59675
• http://secunia.com/advisories/59722
• http://secunia.com/advisories/59724
• http://secunia.com/advisories/59873
• http://svn.apache.org/viewvc?view=revision&revision=1521834
• http://svn.apache.org/viewvc?view=revision&revision=1521864
• http://svn.apache.org/viewvc?vie

• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session.

• http://seclists.org/fulldisclosure/2014/Dec/23
• http://secunia.com/advisories/59036
• http://secunia.com/advisories/59722
• http://secunia.com/advisories/59873
• http://svn.apache.org/viewvc?view=revision&revision=1558822
• http://tomcat.apache.org/security-6.html
• http://www-01.ibm.com/support/docview.wss?uid=swg21675886
• http://www-01.ibm.com/support/docview.wss?uid=swg21677147
• http://www-01.ibm.com/support/docview.wss?uid=swg21678231
• http://www.debian.org/security/2016/dsa-3530

• CWE-20: Improper Input Validation
• CWE-384: Session Fixation

CVSS: 5.8 | EPSS: 0% | CPEs: 183 | EXPL: 0

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request.

• http://advisories.mageia.org/MGASA-2014-0148.html
• http://marc.info/?l=bugtraq&m=141390017113542&w=2
• http://marc.info/?l=bugtraq&m=144498216801440&w=2
• http://rhn.redhat.com/errata/RHSA-2014-0343.html
• http://rhn.redhat.com/errata/RHSA-2014-0344.html
• http://rhn.redhat.com/errata/RHSA-2014-0345.html
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://secunia.com/advisories/57675
• http://secunia.com/advisories/59036
• http://secunia.com/advisories/59675
• http://

• CWE-20: Improper Input Validation

CVSS: 2.1 | EPSS: 0% | CPEs: 54 | EXPL: 0

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

• http://www.openwall.com/lists/oss-security/2013/02/23/5
• https://bugzilla.redhat.com/show_bug.cgi?id=924841

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 21% | CPEs: 74 | EXPL: 2

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.

• https://www.exploit-db.com/exploits/31615
• http://advisories.mageia.org/MGASA-2014-0110.html
• http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
• http://jvn.jp/en/jp/JVN14876762/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
• http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E
• http://marc.info/?l=bugtraq&m=143136844732487&w=2
• http://packetstormsecurity.com/files/127215/VMware&

• CWE-264: Permissions, Privileges, and Access Controls