Debian Bug report logs -
#929895
tomcat9: CVE-2019-0221
Package:
src:tomcat9;
Maintainer for src:tomcat9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 2 Jun 2019 19:24:01 UTC
Severity: normal
Tags: security, upstream
Found ...
Synopsis
Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Commo ...
Synopsis
Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis
Moderate: Red Hat JBoss Web Server 5.2 security release
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A C ...
Synopsis
Moderate: Red Hat JBoss Web Server 5.2 security release
Type/Severity
Security Advisory: Moderate
Topic
Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated thi ...
Several issues were discovered in the Tomcat servlet and JSP engine, which
could result in session fixation attacks, information disclosure, cross-site
scripting, denial of service via resource exhaustion and insecure
redirects.
For the oldstable distribution (stretch), these problems have been fixed
in version 8.5.50-0+deb9u1. This update also req ...
Several security issues were fixed in Tomcat 8 ...
Several security issues were fixed in Tomcat 9 ...
The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually lea ...
The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website (CVE-2019-0221) ...
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website (CVE-2019-0221) ...