VYPR

rpm package

opensuse/tomcat10&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/tomcat10&distro=openSUSE%20Tumbleweed

Vulnerabilities (91)

  • CVE-2017-5647HigApr 17, 2017
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous reque

  • CVE-2016-3092HigJul 4, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long bo

  • CVE-2016-0763MedFeb 25, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticate

  • CVE-2016-0714HigFeb 25, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary co

  • CVE-2016-0706MedFeb 25, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass int

  • CVE-2015-5351HigFeb 25, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a toke

  • CVE-2015-5346HigFeb 25, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leverag

  • CVE-2015-5345MedFeb 25, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that l

  • CVE-2015-5174MedFeb 25, 2016
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname

  • CVE-2014-0050Apr 1, 2014
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit

  • CVE-2013-1976Jul 9, 2013
    affected < 10.1.14-1.1fixed 10.1.14-1.1

    The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) to

Page 5 of 5