[SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass

2018-07-22 Thread Jean-Frederic Clere
CVE-2018-8034 Apache Tomcat - Security Constraint Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9 Apache Tomcat 8.5.0 to 8.5.31 Apache Tomcat 8.0.0.RC1 to 8.0.52 Apache Tomcat 7.0.35 to 7.0.88 Description: The host name

[UPDATE][SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
CVE-2017-7675 Apache Tomcat Security Constraint Bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Description: The HTTP/2 implementation bypassed a number of security checks that prevented

[SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
issue was reported as Bug 61120 and the security implications identified by the Apache Tomcat Security Team. History: 2017-08-10 Original advisory References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4

[SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass

2017-06-06 Thread Mark Thomas
later Credit: This issue was reported responsibly to the Apache Tomcat Security Team by Aniket Nandkishor Kulkarni from Tata Consultancy Services Ltd, Mumbai, India as a vulnerability that allowed the restrictions on OPTIONS and TRACE requests to be bypassed. The full implications of this issue were

[SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass

2016-10-27 Thread Mark Thomas
CVE-2016-6796 Apache Tomcat Security Manager Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier

[SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass

2016-10-27 Thread Mark Thomas
CVE-2016-5018 Apache Tomcat Security Manager Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier

[SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure

2016-10-27 Thread Mark Thomas
8.0.37 or later - Upgrade to Apache Tomcat 7.0.72 or later (Apache Tomcat 7.0.71 has the fix but was not released) - Upgrade to Apache Tomcat 6.0.47 or later (Apache Tomcat 6.0.46 has the fix but was not released) Credit: This issue was discovered by the Apache Tomcat Security Team. Refe

Re: [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass

2016-03-22 Thread Chris Patterson
On 22/02/2016 at 06:23 a.m., Mark Thomas wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0763 Apache Tomcat Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 7.0.0 to 7.0.67 - Apache Tomcat 8.0.0

[SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass

2016-02-22 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0706 Apache Tomcat Security Manager bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 6.0.0 to 6.0.44 - Apache Tomcat 7.0.0 to 7.0.67 - Apache Tomcat 8.0.0.RC1 to 8.0.30 - Apache

[SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass

2016-02-22 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0714 Apache Tomcat Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 6.0.0 to 6.0.44 - Apache Tomcat 7.0.0 to 7.0.67 - Apache Tomcat 8.0.0.RC1 to 8.0.30 - Apache

[SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass

2016-02-22 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0763 Apache Tomcat Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 7.0.0 to 7.0.67 - Apache Tomcat 8.0.0.RC1 to 8.0.30 - Apache Tomcat 9.0.0.M1 to 9.0.0.M2

[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass

2015-05-14 Thread Mark Thomas
Apache Tomcat security team. References: [1] http://tomcat.apache.org/security-8.html [2] http://tomcat.apache.org/security-7.html [3] http://tomcat.apache.org/security-6.html

Re: [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass

2011-05-20 Thread Michael McCutcheon
On 5/17/2011 5:46 AM, Mark Thomas wrote: CVE-2011-1582 Apache Tomcat security constraint bypass Description: An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security constraints configured via annotations were ignored on the first request to a Servlet. Subsequent requests were

[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass

2011-05-17 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2011-1582 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.12-7.0.13 - Earlier versions are not affected Description: An error in the fixes for CVE-2011

[SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass

2011-04-06 Thread Mark Thomas
CVE-2011-1183 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.11 - Earlier versions are not affected Description: A regression in the fix for CVE-2011-1088 meant that security constraints were ignored when no

[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass

2011-03-15 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2011-1088 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.10 - Earlier versions are not affected Description: When a web application was started

Re: Apache/Tomcat security

2005-12-29 Thread Marc Richards
The best place to begin is with a security firm or consulting firm that provides security audits and has professionals who are already experienced with Tomcat and Apache httpd (along with your OS, DB and network architecture). It's never a good idea to skimp where security is concerned and there i

Apache/Tomcat security

2005-12-29 Thread Luis Correia
Hi, I don't have much experience with Apache/Tomcat servers. I have to perform some kind of security audit on these servers... What and where to begin? What should I look for? For the Apache server I suppose I should look in the httpd.conf and .htaccess files? What to look for? Thanks in advan