Page 4 of 78 results (0.008 seconds)

CVSS: 5.3EPSS: 0%CPEs: 102EXPL: 0

CVE-2015-5345 – tomcat: directory disclosure

https://notcve.org/view.php?id=CVE-2015-5345

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. El componente Mapper en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.30, y 9.x en versiones anteriores a 9.0.0.M2 procesa redirecciones antes de considerar las restricciones y Filtros de seguridad, lo que permite a atacantes remotos determinar la existencia de un directorio a través de una URL que carece de un carácter / (barra) final. It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •

CVSS: 4.3EPSS: 0%CPEs: 96EXPL: 0

CVE-2015-5174 – tomcat: URL Normalization issue

https://notcve.org/view.php?id=CVE-2015-5174

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. Vulnerabilidad de salto de directorio en RequestUtil.java en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.65 y 8.x en versiones anteriores a 8.0.27 permite a usuarios remotos autenticados eludir las restricciones de SecurityManager destinadas y listar un directorio padre a través de un /.. (barra punto punto) en un nombre de ruta utilizado por una aplicación web en una llamada getResource, getResourceAsStream o getResourcePaths, según lo demostrado por el directorio $CATALINA_BASE/webapps. A directory traversal flaw was found in Tomcat's RequestUtil.java. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html http://rhn.redhat.com/errata/RHSA-2016-1435.html http://rhn&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0

CVE-2016-0706 – tomcat: security manager bypass via StatusManagerServlet

https://notcve.org/view.php?id=CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.31 y 9.x en versiones anteriores a 9.0.0.M2 no sitúa org.apache.catalina.manager.StatusManagerServlet en la lista org/apache/catalina/core/RestrictedServlets.properties, lo que permite a usuarios remotos autenticados eludir las restricciones de SecurityManager previstas y leer peticiones HTTP arbitrarias, y consecuentemente descubrir valores de ID de sesión, a través de una aplicación web manipulada. It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 104EXPL: 0

CVE-2016-0714 – tomcat: Security Manager bypass via persistence mechanisms

https://notcve.org/view.php?id=CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. La implementación de persistencia de sesión en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.31 y 9.x en versiones anteriores a 9.0.0.M2 no maneja correctamente atributos de sesión, lo que permite a usuarios remotos autenticados eludir las restricciones de SecurityManager previstas y ejecutar código arbitrario en un contexto privilegiado a través de una aplicación web que sitúa un objeto manipulado en una sesión. It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-264: Permissions, Privileges, and Access Controls CWE-290: Authentication Bypass by Spoofing •

CVSS: 5.8EPSS: 0%CPEs: 240EXPL: 0

CVE-2014-7810 – Tomcat/JbossWeb: security manager bypass via EL expressions

https://notcve.org/view.php?id=CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. La implementación Expression Language (EL) en Apache Tomcat 6.x anterior a 6.0.44, 7.x anterior a 7.0.58, y 8.x anterior a 8.0.16 no considera correctamente la posibilidad de una interfaz accesible implementada por una clase no accesible, lo que permite a atacantes evadir un mecanismo de protección SecurityManager a través de una aplicación web que aprovecha el uso de privilegios incorrectos durante la evaluación EL. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. • http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2015-1621.html http://rhn.redhat.com/errata/RHSA-2015-1622.html http://rhn.redhat.com/errata/RHSA-2016-0492.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://svn.apache.org/viewvc?view=revision&revision=1644018 http://svn.apache.org/viewvc?view=revision&revision=1645642 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html http://tomcat.apach • CWE-284: Improper Access Control •