Executive Summary
Summary | |
---|---|
Title | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities |
Informations | |||
---|---|---|---|
Name | HPSBUX02860 SSRT101146 | First vendor Publication | 2013-03-28 |
Vendor | HP | Last vendor Modification | 2013-03-28 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03716627 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
21 % | CWE-264 | Permissions, Privileges, and Access Controls |
21 % | CWE-200 | Information Exposure |
16 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
11 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
11 % | CWE-20 | Improper Input Validation |
5 % | CWE-399 | Resource Management Errors |
5 % | CWE-255 | Credentials Management |
5 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
5 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10231 | |||
Oval ID: | oval:org.mitre.oval:def:10231 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0033 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10422 | |||
Oval ID: | oval:org.mitre.oval:def:10422 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5515 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10716 | |||
Oval ID: | oval:org.mitre.oval:def:10716 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0783 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11041 | |||
Oval ID: | oval:org.mitre.oval:def:11041 | ||
Title: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Description: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0781 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12879 | |||
Oval ID: | oval:org.mitre.oval:def:12879 | ||
Title: | DSA-2161-1 openjdk-6 -- denial of service | ||
Description: | It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2161-1 CVE-2010-4476 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12963 | |||
Oval ID: | oval:org.mitre.oval:def:12963 | ||
Title: | DSA-2207-1 tomcat5.5 -- several | ||
Description: | Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2207-1 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | tomcat5.5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13787 | |||
Oval ID: | oval:org.mitre.oval:def:13787 | ||
Title: | USN-788-1 -- tomcat6 vulnerabilities | ||
Description: | Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files | ||
Family: | unix | Class: | patch |
Reference(s): | USN-788-1 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 9.04 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13969 | |||
Oval ID: | oval:org.mitre.oval:def:13969 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14328 | |||
Oval ID: | oval:org.mitre.oval:def:14328 | ||
Title: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14573 | |||
Oval ID: | oval:org.mitre.oval:def:14573 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2526 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14589 | |||
Oval ID: | oval:org.mitre.oval:def:14589 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14743 | |||
Oval ID: | oval:org.mitre.oval:def:14743 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2729 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14931 | |||
Oval ID: | oval:org.mitre.oval:def:14931 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2204 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14933 | |||
Oval ID: | oval:org.mitre.oval:def:14933 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14945 | |||
Oval ID: | oval:org.mitre.oval:def:14945 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15018 | |||
Oval ID: | oval:org.mitre.oval:def:15018 | ||
Title: | USN-1359-1 -- Tomcat vulnerabilities | ||
Description: | tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1359-1 CVE-2011-3375 CVE-2011-4858 CVE-2012-0022 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Tomcat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15171 | |||
Oval ID: | oval:org.mitre.oval:def:15171 | ||
Title: | USN-1298-1 -- Apache Commons Daemon vulnerability | ||
Description: | commons-daemon: wrapper to launch Java applications as daemons Apache Commons Daemon would allow unintended access to files over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1298-1 CVE-2011-2729 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 | Product(s): | Apache |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15309 | |||
Oval ID: | oval:org.mitre.oval:def:15309 | ||
Title: | DSA-2401-1 tomcat6 -- several | ||
Description: | Several vulnerabilities have been found in Tomcat, a servlet and JSP engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. CVE-2011-2204 In rare setups passwords were written into a logfile. CVE-2011-2526 Missing input sanisiting in the HTTP APR or HTTP NIO connectors could lead to denial of service. CVE-2011-3190 AJP requests could be spoofed in some setups. CVE-2011-3375 Incorrect request caching could lead to information disclosure. CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2401-1 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tomcat6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15435 | |||
Oval ID: | oval:org.mitre.oval:def:15435 | ||
Title: | USN-1252-1 -- Tomcat vulnerabilities | ||
Description: | tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1252-1 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Tomcat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16925 | |||
Oval ID: | oval:org.mitre.oval:def:16925 | ||
Title: | Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0. Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0022 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Oracle GoldenGate Director Oracle GoldenGate Veridata |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18532 | |||
Oval ID: | oval:org.mitre.oval:def:18532 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2227 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18886 | |||
Oval ID: | oval:org.mitre.oval:def:18886 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-4858 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18913 | |||
Oval ID: | oval:org.mitre.oval:def:18913 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0783 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18915 | |||
Oval ID: | oval:org.mitre.oval:def:18915 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0580 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18934 | |||
Oval ID: | oval:org.mitre.oval:def:18934 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-0022 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19110 | |||
Oval ID: | oval:org.mitre.oval:def:19110 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0033 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19169 | |||
Oval ID: | oval:org.mitre.oval:def:19169 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1184 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19269 | |||
Oval ID: | oval:org.mitre.oval:def:19269 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19322 | |||
Oval ID: | oval:org.mitre.oval:def:19322 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-5885 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19345 | |||
Oval ID: | oval:org.mitre.oval:def:19345 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0781 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19355 | |||
Oval ID: | oval:org.mitre.oval:def:19355 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2693 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19379 | |||
Oval ID: | oval:org.mitre.oval:def:19379 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19414 | |||
Oval ID: | oval:org.mitre.oval:def:19414 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3548 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19431 | |||
Oval ID: | oval:org.mitre.oval:def:19431 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2902 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19432 | |||
Oval ID: | oval:org.mitre.oval:def:19432 | ||
Title: | HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities | ||
Description: | The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-5885 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19450 | |||
Oval ID: | oval:org.mitre.oval:def:19450 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2729 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19452 | |||
Oval ID: | oval:org.mitre.oval:def:19452 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5515 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19465 | |||
Oval ID: | oval:org.mitre.oval:def:19465 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19492 | |||
Oval ID: | oval:org.mitre.oval:def:19492 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1157 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19493 | |||
Oval ID: | oval:org.mitre.oval:def:19493 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19514 | |||
Oval ID: | oval:org.mitre.oval:def:19514 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2526 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19532 | |||
Oval ID: | oval:org.mitre.oval:def:19532 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2204 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19631 | |||
Oval ID: | oval:org.mitre.oval:def:19631 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2902 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19852 | |||
Oval ID: | oval:org.mitre.oval:def:19852 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1157 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20415 | |||
Oval ID: | oval:org.mitre.oval:def:20415 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3548 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20429 | |||
Oval ID: | oval:org.mitre.oval:def:20429 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2693 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20494 | |||
Oval ID: | oval:org.mitre.oval:def:20494 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-0022 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20555 | |||
Oval ID: | oval:org.mitre.oval:def:20555 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2227 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20649 | |||
Oval ID: | oval:org.mitre.oval:def:20649 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20657 | |||
Oval ID: | oval:org.mitre.oval:def:20657 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21312 | |||
Oval ID: | oval:org.mitre.oval:def:21312 | ||
Title: | RHSA-2012:0475: tomcat6 security update (Moderate) | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0475-03 CESA-2012:0475 CVE-2011-4858 CVE-2012-0022 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21420 | |||
Oval ID: | oval:org.mitre.oval:def:21420 | ||
Title: | RHSA-2011:0336: tomcat5 security update (Important) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0336-01 CESA-2011:0336 CVE-2010-4476 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tomcat5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21713 | |||
Oval ID: | oval:org.mitre.oval:def:21713 | ||
Title: | RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0214-01 CVE-2010-4476 CESA-2011:0214-CentOS 5 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21907 | |||
Oval ID: | oval:org.mitre.oval:def:21907 | ||
Title: | RHSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0292-01 CVE-2010-4476 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22826 | |||
Oval ID: | oval:org.mitre.oval:def:22826 | ||
Title: | ELSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0292-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22977 | |||
Oval ID: | oval:org.mitre.oval:def:22977 | ||
Title: | ELSA-2011:0336: tomcat5 security update (Important) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0336-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | tomcat5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23319 | |||
Oval ID: | oval:org.mitre.oval:def:23319 | ||
Title: | ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0214-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23523 | |||
Oval ID: | oval:org.mitre.oval:def:23523 | ||
Title: | ELSA-2011:0791: tomcat6 security and bug fix update (Moderate) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0791-01 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23745 | |||
Oval ID: | oval:org.mitre.oval:def:23745 | ||
Title: | ELSA-2012:0475: tomcat6 security update (Moderate) | ||
Description: | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0475-03 CVE-2011-4858 CVE-2012-0022 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25819 | |||
Oval ID: | oval:org.mitre.oval:def:25819 | ||
Title: | SUSE-SU-2013:1374-1 -- Security update for tomcat6 | ||
Description: | This update of tomcat6 fixes: * apache-tomcat-CVE-2012-3544.patch (bnc#831119) * use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) * Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 <http://youtrack.jetbrains.com/issue/JT-18545> ) bnc#804992 (patch from m407) * fix a typo in initscript (bnc#768772 ) * copy all shell scripts (bnc#818948) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1374-1 CVE-2012-3544 CVE-2013-1976 CVE-2012-0022 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27374 | |||
Oval ID: | oval:org.mitre.oval:def:27374 | ||
Title: | DEPRECATED: ELSA-2012-0475 -- tomcat6 security update (moderate) | ||
Description: | [0:6.0.24-36] - Resolves: CVE-2012-0022 regression. Changes made to patch file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0475 CVE-2011-4858 CVE-2012-0022 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28054 | |||
Oval ID: | oval:org.mitre.oval:def:28054 | ||
Title: | DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate) | ||
Description: | [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0214 CVE-2010-4476 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28146 | |||
Oval ID: | oval:org.mitre.oval:def:28146 | ||
Title: | DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate) | ||
Description: | [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0791 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5739 | |||
Oval ID: | oval:org.mitre.oval:def:5739 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0033 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6445 | |||
Oval ID: | oval:org.mitre.oval:def:6445 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5515 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6450 | |||
Oval ID: | oval:org.mitre.oval:def:6450 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0783 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6564 | |||
Oval ID: | oval:org.mitre.oval:def:6564 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0781 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6628 | |||
Oval ID: | oval:org.mitre.oval:def:6628 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0580 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7017 | |||
Oval ID: | oval:org.mitre.oval:def:7017 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification | ||
Description: | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2693 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7033 | |||
Oval ID: | oval:org.mitre.oval:def:7033 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification | ||
Description: | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3548 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7092 | |||
Oval ID: | oval:org.mitre.oval:def:7092 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Increase in Privilege, Arbitrary File Modification | ||
Description: | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2902 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9101 | |||
Oval ID: | oval:org.mitre.oval:def:9101 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0580 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
HP Performance Manager Apache Tomcat Policy Bypass | More info here |
ExploitDB Exploits
id | Description |
---|---|
2012-01-03 | PHP Hash Table Collision Proof Of Concept |
2010-04-22 | Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure... |
OpenVAS Exploits
Date | Description |
---|---|
2012-11-27 | Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows) File : nvt/gb_apache_tomcat_mult_sec_bypass_vuln_win.nasl |
2012-11-23 | Name : Ubuntu Update for tomcat6 USN-1637-1 File : nvt/gb_ubuntu_USN_1637_1.nasl |
2012-08-14 | Name : Fedora Update for tomcat6 FEDORA-2012-7593 File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
2012-08-03 | Name : Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5) File : nvt/gb_mandriva_MDVSA_2012_085.nasl |
2012-08-02 | Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6) File : nvt/gb_suse_2012_0208_1.nasl |
2012-07-30 | Name : CentOS Update for java CESA-2011:0214 centos5 x86_64 File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for tomcat6 CESA-2011:1780 centos6 File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2012:0474 centos5 File : nvt/gb_CESA-2012_0474_tomcat5_centos5.nasl |
2012-07-30 | Name : CentOS Update for tomcat6 CESA-2012:0475 centos6 File : nvt/gb_CESA-2012_0475_tomcat6_centos6.nasl |
2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2011:1780-01 File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl |
2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2012:0475-01 File : nvt/gb_RHSA-2012_0475-01_tomcat6.nasl |
2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0335-01 File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl |
2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0791-01 File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl |
2012-04-13 | Name : RedHat Update for tomcat5 RHSA-2012:0474-01 File : nvt/gb_RHSA-2012_0474-01_tomcat5.nasl |
2012-04-02 | Name : Fedora Update for apache-commons-daemon FEDORA-2011-10880 File : nvt/gb_fedora_2011_10880_apache-commons-daemon_fc16.nasl |
2012-04-02 | Name : Fedora Update for tomcat6 FEDORA-2011-13426 File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl |
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-16 | Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ... File : nvt/gb_VMSA-2012-0005.nasl |
2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
2012-02-21 | Name : Ubuntu Update for tomcat6 USN-1359-1 File : nvt/gb_ubuntu_USN_1359_1.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2401-1 (tomcat6) File : nvt/deb_2401_1.nasl |
2012-02-12 | Name : FreeBSD Ports: tomcat File : nvt/freebsd_tomcat0.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2012-01-20 | Name : Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win) File : nvt/gb_apache_tomcat_parameter_handling_dos_vuln_win.nasl |
2012-01-16 | Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win) File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl |
2012-01-12 | Name : Apache Tomcat Hash Collision Denial Of Service Vulnerability File : nvt/gb_apache_tomcat_hash_collision_dos_vuln_win.nasl |
2011-12-23 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl |
2011-12-23 | Name : RedHat Update for tomcat5 RHSA-2011:1845-01 File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl |
2011-12-16 | Name : Ubuntu Update for commons-daemon USN-1298-1 File : nvt/gb_ubuntu_USN_1298_1.nasl |
2011-11-11 | Name : Fedora Update for tomcat6 FEDORA-2011-15005 File : nvt/gb_fedora_2011_15005_tomcat6_fc15.nasl |
2011-11-11 | Name : Ubuntu Update for tomcat6 USN-1252-1 File : nvt/gb_ubuntu_USN_1252_1.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13456 File : nvt/gb_fedora_2011_13456_tomcat6_fc15.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13457 File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl |
2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
2011-10-21 | Name : Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_156.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-09-09 | Name : Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability File : nvt/gb_tomcat_48667.nasl |
2011-09-08 | Name : Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability File : nvt/gb_tomcat_48456.nasl |
2011-09-08 | Name : Apache Tomcat AJP Protocol Security Bypass Vulnerability File : nvt/gb_tomcat_49353.nasl |
2011-08-31 | Name : Fedora Update for apache-commons-daemon FEDORA-2011-10936 File : nvt/gb_fedora_2011_10936_apache-commons-daemon_fc15.nasl |
2011-08-29 | Name : Java for Mac OS X 10.5 Update 9 File : nvt/secpod_macosx_java_10_5_upd_9.nasl |
2011-08-29 | Name : Java for Mac OS X 10.6 Update 4 File : nvt/secpod_macosx_java_10_6_upd_4.nasl |
2011-08-17 | Name : Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability File : nvt/gb_tomcat_49143.nasl |
2011-08-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523 File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl |
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386 File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386 File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2011:0214 centos5 i386 File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl |
2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003 File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl |
2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020 File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl |
2011-06-06 | Name : HP-UX Update for Java HPSBUX02685 File : nvt/gb_hp_ux_HPSBUX02685.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2207-1 (tomcat5.5) File : nvt/deb_2207_1.nasl |
2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
2011-04-01 | Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1 File : nvt/gb_ubuntu_USN_1097_1.nasl |
2011-03-15 | Name : RedHat Update for tomcat5 RHSA-2011:0336-01 File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2160-1 (tomcat6) File : nvt/deb_2160_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2161-1 (openjdk-6) File : nvt/deb_2161_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
2011-03-07 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 File : nvt/gb_ubuntu_USN_1079_1.nasl |
2011-03-05 | Name : FreeBSD Ports: tomcat55 File : nvt/freebsd_tomcat55.nasl |
2011-02-28 | Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010 File : nvt/gb_suse_2011_010.nasl |
2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl |
2011-02-22 | Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_030.nasl |
2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631 File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl |
2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645 File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl |
2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231 File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl |
2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263 File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl |
2011-02-11 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01 File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl |
2011-01-04 | Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579 File : nvt/gb_hp_ux_HPSBUX02579.nasl |
2010-12-02 | Name : Fedora Update for tomcat6 FEDORA-2010-16528 File : nvt/gb_fedora_2010_16528_tomcat6_fc14.nasl |
2010-11-16 | Name : Fedora Update for tomcat6 FEDORA-2010-16248 File : nvt/gb_fedora_2010_16248_tomcat6_fc12.nasl |
2010-11-16 | Name : Fedora Update for tomcat6 FEDORA-2010-16270 File : nvt/gb_fedora_2010_16270_tomcat6_fc13.nasl |
2010-09-14 | Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5) File : nvt/gb_mandriva_MDVSA_2010_176.nasl |
2010-09-14 | Name : Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5) File : nvt/gb_mandriva_MDVSA_2010_177.nasl |
2010-08-30 | Name : Ubuntu Update for tomcat6 vulnerability USN-976-1 File : nvt/gb_ubuntu_USN_976_1.nasl |
2010-08-06 | Name : RedHat Update for tomcat5 RHSA-2010:0580-01 File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl |
2010-07-13 | Name : Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Servic... File : nvt/gb_apache_tomcat_41544.nasl |
2010-06-23 | Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02541 File : nvt/gb_hp_ux_HPSBUX02541.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-05-04 | Name : FreeBSD Ports: tomcat File : nvt/freebsd_tomcat.nasl |
2010-04-29 | Name : Apache Tomcat Security bypass vulnerability File : nvt/secpod_apache_tomcat_sec_bypass_vuln.nasl |
2010-04-23 | Name : Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnera... File : nvt/gb_apache_tomcat_39635.nasl |
2010-02-15 | Name : Ubuntu Update for tomcat6 vulnerabilities USN-899-1 File : nvt/gb_ubuntu_USN_899_1.nasl |
2010-01-28 | Name : Apache Tomcat Multiple Vulnerabilities January 2010 File : nvt/apache_tomcat_multiple_vulnerabilities_jan_10.nasl |
2009-12-03 | Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6) File : nvt/fcore_2009_11352.nasl |
2009-12-03 | Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6) File : nvt/fcore_2009_11356.nasl |
2009-12-03 | Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6) File : nvt/fcore_2009_11374.nasl |
2009-11-17 | Name : Apache Tomcat Windows Installer Privilege Escalation Vulnerability File : nvt/secpod_apache_tomcat_priv_esc_vuln_win.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1562 File : nvt/RHSA_2009_1562.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1563 File : nvt/RHSA_2009_1563.nasl |
2009-10-22 | Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466 File : nvt/gb_hp_ux_HPSBUX02466.nasl |
2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat52.nasl |
2009-10-13 | Name : SLES10: Security update for Websphere Community Edition File : nvt/sles10_websphere-as_ce.nasl |
2009-10-11 | Name : SLES11: Security update for Websphere Community Edition File : nvt/sles11_websphere-as_ce.nasl |
2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5055024.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:163 (tomcat5) File : nvt/mdksa_2009_163.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1164 (tomcat) File : nvt/ovcesa2009_1164.nasl |
2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1164 File : nvt/RHSA_2009_1164.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:136 (tomcat5) File : nvt/mdksa_2009_136.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:138 (tomcat5) File : nvt/mdksa_2009_138.nasl |
2009-06-30 | Name : Ubuntu USN-789-1 (gst-plugins-good0.10) File : nvt/ubuntu_789_1.nasl |
2009-06-23 | Name : Ubuntu USN-788-1 (tomcat6) File : nvt/ubuntu_788_1.nasl |
2009-06-16 | Name : Apache Tomcat Multiple Vulnerabilities June-09 File : nvt/gb_apache_tomcat_mult_vuln_jun09.nasl |
2009-03-18 | Name : Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability File : nvt/gb_apache_tomcat_xss_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78573 | Apache Tomcat CPU Consumption Parameter Saturation Remote DoS |
78483 | Hitachi Cosminexus Multiple Product Hash Collission Form Parameter Parsing Re... Multiple Hitachi Cosminexus products contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
78113 | Apache Tomcat Hash Collission Form Parameter Parsing Remote DoS Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
76189 | Apache Tomcat HTTP DIGEST Authentication Weakness |
74818 | Apache Tomcat AJP Message Injection Authentication Bypass Apache Tomcat contains a flaw related to the processing of certain requests. The issue is triggered when a remote attacker injects arbitrary AJP messages. This may disclose sensitive information to an attacker or allow them to bypass authentication. |
74541 | Apache Tomcat Commons Daemon Jsvc Permissions Weakness Arbitrary File Access |
73798 | Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS |
73797 | Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res... |
73429 | Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure |
71558 | Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi... Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files. |
71557 | Apache Tomcat HTML Manager Multiple XSS The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
70965 | Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ... Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service. |
66319 | Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remo... |
64023 | Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure |
62054 | Apache Tomcat WAR Filename Traversal Work-directory File Deletion Apache Tomcat contains a flaw that allows a remote attacker to traverse outside of a restricted path of the host's work directory. The issue is due to Apache Tomcat not properly sanitizing the contents of a WAR file before it is deployed, which could be exploited by a directory traversal sequence in the file name(s) to delete and possibly create malicious files in the host's work directory. |
62052 | Apache Tomcat WAR File Traversal Arbitrary File Overwrite Apache Tomcat contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via file names of files contained in a WAR file. This directory traversal attack would allow the attacker to create or overwrite arbitrary files. |
60176 | Apache Tomcat Windows Installer Admin Default Password |
55056 | Apache Tomcat Cross-application TLD File Manipulation |
55055 | Apache Tomcat Illegally URL Encoded Password Request Username Enumeration |
55054 | Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade... |
55053 | Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access |
52899 | Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ... Apache Tomcat Examples Web Application Calendar Application contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'time' parameter upon submission to the 'jsp/cal/cal2.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-21 | IAVM : 2013-A-0219 - Multiple Vulnerabilities in Juniper Networks and Security Manager Severity : Category I - VMSKEY : V0042384 |
2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
2011-12-15 | IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0 Severity : Category I - VMSKEY : V0030824 |
2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout denial of service att... RuleID : 20613 - Revision : 2 - Type : SPECIFIC-THREATS |
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout DOS attempt RuleID : 20612 - Revision : 10 - Type : SERVER-APACHE |
2014-01-10 | Java floating point number denial of service - via POST RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP |
2014-01-10 | Java floating point number denial of service - via URI RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP |
2014-01-10 | Apache Tomcat username enumeration attempt RuleID : 18096 - Revision : 7 - Type : SERVER-APACHE |
2014-02-08 | (http_inspect)webrootdirectorytraversal RuleID : 18 - Revision : 2 - Type : |
2014-01-10 | HP Performance Manager Apache Tomcat policy bypass attempt RuleID : 17156 - Revision : 8 - Type : SERVER-APACHE |
2019-01-15 | (http_inspect)directorytraversal RuleID : 11 - Revision : 2 - Type : |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20120405.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140401.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0266.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-129.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-883.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-884.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-100719.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110815.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110916.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-120109.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_jakarta-commons-daemon-110916.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-110815.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-110916.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-120109.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-120207.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_2_r5.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-25.nasl - Type : ACT_GATHER_INFO |
2013-08-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-130802.nasl - Type : ACT_GATHER_INFO |
2013-07-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2725.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0580.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0474.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0475.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0623.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0640.nasl - Type : ACT_GATHER_INFO |
2013-06-05 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2012-0005.nasl - Type : ACT_GATHER_INFO |
2013-03-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0647.nasl - Type : ACT_GATHER_INFO |
2013-03-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0640.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0623.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0640.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130311_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130312_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0623.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0629.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-130107.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-8397.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1143.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1144.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1145.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1146.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0584.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO |
2012-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20151.nasl - Type : ACT_GATHER_INFO |
2012-11-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1637-1.nasl - Type : ACT_GATHER_INFO |
2012-11-21 | Name : The remote Apache Tomcat server is affected by multiple security weaknesses. File : tomcat_5_5_36.nasl - Type : ACT_GATHER_INFO |
2012-11-21 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_36.nasl - Type : ACT_GATHER_INFO |
2012-11-21 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_30.nasl - Type : ACT_GATHER_INFO |
2012-11-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_152e4c7e2a2e11e299c700a0d181e71d.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-7593.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090723_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100802_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111205_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120411_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120411_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_9fp11.nasl - Type : ACT_GATHER_INFO |
2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
2012-05-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-085.nasl - Type : ACT_GATHER_INFO |
2012-04-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0474.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0475.nasl - Type : ACT_GATHER_INFO |
2012-03-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1359-1.nasl - Type : ACT_GATHER_INFO |
2012-02-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-120206.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7933.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
2012-01-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7f5ccb1d439b11e1bc160023ae8e59f0.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote web server is affected by a denial of service vulnerability File : tomcat_5_5_35.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote web server is affected by a denial of service vulnerability. File : tomcat_7_0_23.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7689.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7756.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1298-1.nasl - Type : ACT_GATHER_INFO |
2011-12-12 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_35.nasl - Type : ACT_GATHER_INFO |
2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-11-23 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_97fp5.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15005.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1252-1.nasl - Type : ACT_GATHER_INFO |
2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7755.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13456.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13426.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-156.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-09-26 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_5_5_34.nasl - Type : ACT_GATHER_INFO |
2011-09-02 | Name : The remote web server is affected by an authentication bypass vulnerability t... File : tomcat_7_0_21.nasl - Type : ACT_GATHER_INFO |
2011-09-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7688.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_33.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10936.nasl - Type : ACT_GATHER_INFO |
2011-08-24 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10880.nasl - Type : ACT_GATHER_INFO |
2011-08-16 | Name : The remote web server is affected by an information disclosure vulnerability. File : tomcat_7_0_20.nasl - Type : ACT_GATHER_INFO |
2011-08-03 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_7_0_19.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12706.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2011-04-07 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_7_0_12.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2207.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO |
2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO |
2011-03-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12687.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12683.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_websphere-as_ce-090619.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12682.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO |
2011-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO |
2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO |
2011-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a security bypass vulnerability. File : tomcat_7_0_4.nasl - Type : ACT_GATHER_INFO |
2010-11-15 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16528.nasl - Type : ACT_GATHER_INFO |
2010-11-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16248.nasl - Type : ACT_GATHER_INFO |
2010-11-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16270.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-6839.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7099.nasl - Type : ACT_GATHER_INFO |
2010-09-16 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12625.nasl - Type : ACT_GATHER_INFO |
2010-09-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_tomcat6-100719.nasl - Type : ACT_GATHER_INFO |
2010-09-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-100719.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-177.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-976-1.nasl - Type : ACT_GATHER_INFO |
2010-08-05 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_28.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK |
2010-05-28 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_form_user_enum.nasl - Type : ACT_GATHER_INFO |
2010-04-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7003.nasl - Type : ACT_GATHER_INFO |
2010-04-26 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3383e7064fc311df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12585.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_tomcat6-100216.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_tomcat6-100211.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-100210.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote SuSE system is missing the security patch tomcat5-6841 File : suse_tomcat5-6841.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-02-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-899-1.nasl - Type : ACT_GATHER_INFO |
2010-01-26 | Name : The web server running on the remote host is affected by multiple vulnerabili... File : tomcat_war_deploy_multiple_vulnerabilities.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1616.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1617.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11352.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11356.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11374.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat55-6369.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12460.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_websphere-as_ce-090620.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-6352.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_websphere-as_ce-6312.nasl - Type : ACT_GATHER_INFO |
2009-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_tomcat6-090613.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_tomcat6-090613.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-138.nasl - Type : ACT_GATHER_INFO |
2009-06-22 | Name : The web server running on the remote host is affected by an information discl... File : tomcat_xml_parser.nasl - Type : ACT_GATHER_INFO |
2009-06-18 | Name : The remote web server is affected by a directory traversal vulnerability. File : tomcat_requestdispatcher_dir_traversal.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-788-1.nasl - Type : ACT_GATHER_INFO |
2009-03-09 | Name : The remote web server contains a JSP application that is affected by a cross-... File : tomcat_sample_cal2_xss2.nasl - Type : ACT_ATTACK |
2008-11-26 | Name : The management console for the remote web server is protected using a known s... File : tomcat_manager_common_creds.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2013-04-02 00:17:23 |
|