VYPR

rpm package

suse/tomcat&distro=SUSE Enterprise Storage 7

pkg:rpm/suse/tomcat&distro=SUSE%20Enterprise%20Storage%207

Vulnerabilities (5)

  • CVE-2023-28709May 22, 2023
    affected < 9.0.75-150200.41.1fixed 9.0.75-150200.41.1

    The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a

  • CVE-2023-28708Mar 22, 2023
    affected < 9.0.43-150200.35.1fixed 9.0.43-150200.35.1

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not i

  • CVE-2023-24998Feb 20, 2023
    affected < 9.0.43-150200.35.1fixed 9.0.43-150200.35.1

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur

  • CVE-2022-45143Jan 3, 2023
    affected < 9.0.43-150200.38.1fixed 9.0.43-150200.38.1

    The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that inv

  • CVE-2022-23181Jan 27, 2022
    affected < 9.0.36-19.1fixed 9.0.36-19.1

    The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tom