VYPR

rpm package

suse/tomcat&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (24)

  • CVE-2016-8735CriKEVApr 6, 2017
    affected < 7.0.78-7.13.4fixed 7.0.78-7.13.4

    Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated

  • CVE-2016-6816HigMar 20, 2017
    affected < 7.0.78-7.13.4fixed 7.0.78-7.13.4

    The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characte

  • CVE-2016-5388HigJul 19, 2016
    affected < 7.0.78-7.13.4fixed 7.0.78-7.13.4

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attacke

  • CVE-2016-3092HigJul 4, 2016
    affected < 7.0.78-7.13.4fixed 7.0.78-7.13.4

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long bo

Page 2 of 2