VYPR

rpm package

suse/tomcat&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Vulnerabilities (6)

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 9.0.82-150200.46.1fixed 9.0.82-150200.46.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-41080Aug 25, 2023
    affected < 9.0.82-150200.46.1fixed 9.0.82-150200.46.1

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, E

  • CVE-2023-28709May 22, 2023
    affected < 9.0.75-150200.41.1fixed 9.0.75-150200.41.1

    The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a

  • CVE-2023-28708Mar 22, 2023
    affected < 9.0.43-150200.35.1fixed 9.0.43-150200.35.1

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not i

  • CVE-2023-24998Feb 20, 2023
    affected < 9.0.43-150200.35.1fixed 9.0.43-150200.35.1

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur

  • CVE-2022-45143Jan 3, 2023
    affected < 9.0.43-150200.38.1fixed 9.0.43-150200.38.1

    The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that inv