VYPR

rpm package

suse/tomcat6&distro=SUSE Linux Enterprise Server 11 SP4-LTSS

pkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS

Vulnerabilities (7)

  • CVE-2021-25329 | Mar 1, 2021
    affected < 6.0.53-0.57.19.1 | fixed 6.0.53-0.57.19.1

    The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note tha

  • CVE-2021-24122 | Jan 14, 2021
    affected < 6.0.53-0.57.19.1 | fixed 6.0.53-0.57.19.1

    When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpec

  • CVE-2020-9484 | May 20, 2020
    affected < 6.0.53-0.57.16.1 | fixed 6.0.53-0.57.16.1

    When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; a

  • CVE-2020-1938 | KEV | Feb 24, 2020
    affected < 6.0.53-0.57.13.1 | fixed 6.0.53-0.57.13.1

    When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exp

  • CVE-2019-12418 | Dec 23, 2019
    affected < 6.0.53-0.57.16.1 | fixed 6.0.53-0.57.16.1

    When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack

  • CVE-2019-0221 | May 28, 2019
    affected < 6.0.53-0.57.16.1 | fixed 6.0.53-0.57.16.1

    The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be pr

  • CVE-2017-12617 | Hig | KEV | Oct 4, 2017
    affected < 6.0.53-0.57.19.1 | fixed 6.0.53-0.57.19.1

    When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a