CVSS: 7.5EPSS: 85%CPEs: 82EXPL: 0CVE-2017-12616 – tomcat: Information Disclosure when using VirtualDirContext
https://notcve.org/view.php?id=CVE-2017-12616
19 Sep 2017 — When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. Cuando se empleó un VirtualDirContext con Apache Tomcat en sus versiones 7.0.0 a 7.0.80 fue posible omitir las restricciones de seguridad o ver el código fuente de los archivos JSP para los recursos servidos por VirtualDirContext usando una petición especialmente manipulada. Red Ha... • http://www.securityfocus.com/bid/100897 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 161EXPL: 0CVE-2017-5664 – tomcat: Security constrained bypass in error page mechanism
https://notcve.org/view.php?id=CVE-2017-5664
06 Jun 2017 — The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0... • http://www.debian.org/security/2017/dsa-3891 • CWE-266: Incorrect Privilege Assignment CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 205EXPL: 0CVE-2017-5647 – tomcat: Incorrect handling of pipelined requests when send file was used
https://notcve.org/view.php?id=CVE-2017-5647
17 Apr 2017 — A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B ... • http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 148EXPL: 0CVE-2017-5648 – tomcat: Calls to application listeners did not use the appropriate facade object
https://notcve.org/view.php?id=CVE-2017-5648
10 Apr 2017 — While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Cuando se investigaba ... • http://www.debian.org/security/2017/dsa-3842 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-6797 – tomcat: unrestricted access to global resources
https://notcve.org/view.php?id=CVE-2016-6797
24 Jan 2017 — The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. La implementación ResourceLinkFactory en Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.... • http://rhn.redhat.com/errata/RHSA-2017-0457.html • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 33EXPL: 2CVE-2016-5018 – tomcat: security manager bypass via IntrospectHelper utility function
https://notcve.org/view.php?id=CVE-2016-5018
24 Jan 2017 — In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. En Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8.0.36, 7.0.0 a 7.0.70, y 6.0.0 a 6.0.45 una aplicación web maliciosa era capaz de omitir un SecurityManager configurado mediante un método utility Tomcat accesible para las aplicaciones web... • https://packetstorm.news/files/id/155873 •
CVSS: 5.9EPSS: 0%CPEs: 33EXPL: 0CVE-2016-0762 – tomcat: timing attack in Realm implementation
https://notcve.org/view.php?id=CVE-2016-0762
24 Jan 2017 — The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. Las implementaciones Realm en Apache Tomcat versiones 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8... • http://rhn.redhat.com/errata/RHSA-2017-0457.html • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-6794 – tomcat: system property disclosure
https://notcve.org/view.php?id=CVE-2016-6794
24 Jan 2017 — When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. Cuando se configura un SecurityManager, la capacidad de una aplicación w... • http://rhn.redhat.com/errata/RHSA-2017-0457.html •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2016-6796 – tomcat: security manager bypass via JSP Servlet config parameters
https://notcve.org/view.php?id=CVE-2016-6796
24 Jan 2017 — A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. Una aplicación web maliciosa en Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8.0.36, 7.0.0 a 7.0.70, y 6.0.0 a 6.0.45 era capaz de eludir un SecurityManager configurado mediante la manipulación de los parámetros de configuración ... • http://rhn.redhat.com/errata/RHSA-2017-0457.html •
CVSS: 7.1EPSS: 0%CPEs: 178EXPL: 2CVE-2016-6816 – Apache Tomcat 6/7/8/9 - Information Disclosure
https://notcve.org/view.php?id=CVE-2016-6816
18 Dec 2016 — The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other th... • https://packetstorm.news/files/id/141920 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •