VYPR

rpm package

suse/tomcat&distro=SUSE Linux Enterprise Server 12

pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012

Vulnerabilities (8)

  • CVE-2016-0763MedFeb 25, 2016
    affected < 7.0.68-7.6.1fixed 7.0.68-7.6.1

    The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticate

  • CVE-2016-0714HigFeb 25, 2016
    affected < 7.0.68-7.6.1fixed 7.0.68-7.6.1

    The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary co

  • CVE-2016-0706MedFeb 25, 2016
    affected < 7.0.68-7.6.1fixed 7.0.68-7.6.1

    Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass int

  • CVE-2015-5351HigFeb 25, 2016
    affected < 7.0.68-7.6.1fixed 7.0.68-7.6.1

    The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a toke

  • CVE-2015-5346HigFeb 25, 2016
    affected < 7.0.68-7.6.1fixed 7.0.68-7.6.1

    Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leverag

  • CVE-2015-5345MedFeb 25, 2016
    affected < 7.0.68-7.6.1fixed 7.0.68-7.6.1

    The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that l

  • CVE-2015-5174MedFeb 25, 2016
    affected < 7.0.68-7.6.1fixed 7.0.68-7.6.1

    Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname

  • CVE-2014-7810Jun 7, 2015
    affected < 7.0.55-8.2fixed 7.0.55-8.2

    The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager