Page 9 of 51 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.31 y 9.x en versiones anteriores a 9.0.0.M2 no sitúa org.apache.catalina.manager.StatusManagerServlet en la lista org/apache/catalina/core/RestrictedServlets.properties, lo que permite a usuarios remotos autenticados eludir las restricciones de SecurityManager previstas y leer peticiones HTTP arbitrarias, y consecuentemente descubrir valores de ID de sesión, a través de una aplicación web manipulada. It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •

CVSS: 8.1EPSS: 0%CPEs: 72EXPL: 0

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. Vulnerabilidad de fijación de sesión en Apache Tomcat 7.x en versiones anteriores a 7.0.66, 8.x en versiones anteriores a 8.0.30 y 9.x en versiones anteriores a 9.0.0.M2, cuando se utilizan configuraciones de sesión diferentes para despliegues de múltiples versiones de la misma aplicación web, podría permitir a atacantes remotos secuestrar sesiones web aprovechando el uso de un campo requestedSessionSSL para una petición no intencionada, relacionado con CoyoteAdapter.java y Request.java. A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://packetstormsecurity.com/files/135890/Apache-Tomcat-Session-Fixation.html http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://rhn.redhat.com/errata/RHSA-2016-2807.html http://rhn.redhat.com/errata/RHSA-2016-2 •

CVSS: 8.8EPSS: 0%CPEs: 104EXPL: 0

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. La implementación de persistencia de sesión en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.31 y 9.x en versiones anteriores a 9.0.0.M2 no maneja correctamente atributos de sesión, lo que permite a usuarios remotos autenticados eludir las restricciones de SecurityManager previstas y ejecutar código arbitrario en un contexto privilegiado a través de una aplicación web que sitúa un objeto manipulado en una sesión. It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-264: Permissions, Privileges, and Access Controls CWE-290: Authentication Bypass by Spoofing •

CVSS: 5.8EPSS: 0%CPEs: 240EXPL: 0

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. La implementación Expression Language (EL) en Apache Tomcat 6.x anterior a 6.0.44, 7.x anterior a 7.0.58, y 8.x anterior a 8.0.16 no considera correctamente la posibilidad de una interfaz accesible implementada por una clase no accesible, lo que permite a atacantes evadir un mecanismo de protección SecurityManager a través de una aplicación web que aprovecha el uso de privilegios incorrectos durante la evaluación EL. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. • http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2015-1621.html http://rhn.redhat.com/errata/RHSA-2015-1622.html http://rhn.redhat.com/errata/RHSA-2016-0492.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://svn.apache.org/viewvc?view=revision&revision=1644018 http://svn.apache.org/viewvc?view=revision&revision=1645642 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html http://tomcat.apach • CWE-284: Improper Access Control •

CVSS: 6.4EPSS: 94%CPEs: 110EXPL: 0

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. java/org/apache/coyote/http11/filters/ChunkedInputFilter.java en Apache Tomcat 6.x anterior a 6.0.42, 7.x anterior a 7.0.55, y 8.x anterior a 8.0.9 no maneja correctamente los intentos de seguir leyendo datos después de un error haya ocurrido, lo que permite a atacantes remotos realizar ataques de la infiltración de solicitudes HTTP o causar una denegación de servicio (consumo de recursos) mediante la transmisión de datos con la codificación malformada de transferencias fragmentadas. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. • http://advisories.mageia.org/MGASA-2015-0081.html http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html http://marc.info/?l=bugtraq&m=143393515412274&w=2 http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://rhn.redhat.com/erra • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •