Page 22 of 229 results (0.028 seconds)

CVSS: 4.3EPSS: 0%CPEs: 109EXPL: 0

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. Apache Tomcat anterior a 6.0.40, 7.x anterior a 7.0.54 y 8.x anterior a 8.0.6 no restringe debidamente el cargador de clase que accede al analizador XML utilizado con una hoja de estilo XSLT, lo que permite a atacantes remotos (1) leer archivos arbitrarios a través de una aplicación web manipulada que proporciona una declaración de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE) o (2) leer archivos asociados con aplicaciones web diferentes en una instancia Tomcat única a través de una aplicación web manipulada. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web / Apache Tomcat instance. • http://advisories.mageia.org/MGASA-2014-0268.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://seclists.org/fulldisclosure/2014/Dec/23 http://seclists.org/fulldisclosure/2014/May/141 http://secunia.com/advisories/59732 http://secunia.com/advisories/59873 • CWE-264: Permissions, Privileges, and Access Controls CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 4.3EPSS: 0%CPEs: 107EXPL: 0

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. java/org/apache/catalina/servlets/DefaultServlet.java en el servlet por defecto en Apache Tomcat anterior a 6.0.40, 7.x anterior a 7.0.53 y 8.x anterior a 8.0.4 no restringe debidamente hojas de estilo XSLT, lo que permite a atacantes remotos evadir restricciones de jefe de seguridad y leer archivos arbitrarios a través de una aplicación web manipulada que proporciona una declaración de entidad externa XML en conjunto con un referencia de entidad, relacionado con un problema de entidad externa XML (XXE). It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. • http://advisories.mageia.org/MGASA-2014-0268.html http://linux.oracle.com/errata/ELSA-2014-0865.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://seclists.org/fulldisclosure/2014/ • CWE-264: Permissions, Privileges, and Access Controls CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.8EPSS: 0%CPEs: 107EXPL: 0

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Desbordamiento de enteros en java/org/apache/tomcat/util/buf/Ascii.java en Apache Tomcat anterior a 6.0.40, 7.x anterior a 7.0.53 y 8.x anterior a 8.0.4, cuando se opera detrás de un proxy inverso, permite a atacantes remotos realizar ataques de contrabando de solicitudes HTTP a través de una cabecera de longitud de contenido HTTP manipulada. It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly. • http://advisories.mageia.org/MGASA-2014-0268.html http://linux.oracle.com/errata/ELSA-2014-0865.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA- • CWE-189: Numeric Errors CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 5.0EPSS: 3%CPEs: 107EXPL: 0

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. Desbordamiento de enteros en la función parseChunkHeader en java/org/apache/coyote/http11/filters/ChunkedInputFilter.java en Apache Tomcat anterior a 6.0.40, 7.x anterior a 7.0.53 y 8.x anterior a 8.0.4 permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de un tamaño de fragmento malformado en una codificación de transferencia fragmentada de una solicitud durante la transmisión de datos. It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. • http://advisories.mageia.org/MGASA-2014-0268.html http://linux.oracle.com/errata/ELSA-2014-0865.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA- • CWE-189: Numeric Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.0EPSS: 3%CPEs: 6EXPL: 0

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing. java/org/apache/coyote/ajp/AbstractAjpProcessor.java en Apache Tomcat 8.x anterior a 8.0.4 permite a atacantes remotos causar una denegación de servicio (consumo de hilo) mediante el uso de una solicitud 'longitud de contenido: 0' AJP para provocar un cuelgue en el procesamiento de solicitudes. • http://seclists.org/fulldisclosure/2014/May/134 http://secunia.com/advisories/59873 http://secunia.com/advisories/60729 http://svn.apache.org/viewvc?view=revision&revision=1578392 http://tomcat.apache.org/security-8.html http://www-01.ibm.com/support/docview.wss?uid=swg21678231 http://www-01.ibm.com/support/docview.wss?uid=swg21681528 http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/67673 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •