- Home
- CVEs with nessus.description==According to its self-reported version, the MySQL Enterprise Monitor
application running on the remote host is 3.2.x prior to 3.2.2.1075.
It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the
bundled version of Apache Tomcat in the Manager and Host
Manager web applications due to a flaw in the index page
when issuing redirects in response to unauthenticated
requests for the root directory of the application. An
authenticated, remote attacker can exploit this to gain
access to the XSRF token information stored in the index
page. (CVE-2015-5351)
- A remote code execution vulnerability exists in the
JMXInvokerServlet interface due to improper validation
of Java objects before deserialization. An
authenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2015-7501)
- A remote code execution vulnerability exists in the
Framework subcomponent that allows an authenticated,
remote attacker to execute arbitrary code.
(CVE-2016-0635)
- An information disclosure vulnerability exists in the
bundled version of Apache Tomcat that allows a specially
crafted web application to load the
StatusManagerServlet. An authenticated, remote attacker
can exploit this to gain unauthorized access to a list
of all deployed applications and a list of the HTTP
request lines for all requests currently being
processed. (CVE-2016-0706)
- A remote code execution vulnerability exists in the
bundled version of Apache Tomcat due to a flaw in the
StandardManager, PersistentManager, and cluster
implementations that is triggered when handling
persistent sessions. An authenticated, remote attacker
can exploit this, via a crafted object in a session, to
bypass the security manager and execute arbitrary code.
(CVE-2016-0714)
- A security bypass vulnerability exists in the bundled
version of Apache Tomcat due to a failure to consider
whether ResourceLinkFactory.setGlobalContext callers are
authorized. An authenticated, remote attacker can
exploit this, via a web application that sets a crafted
global context, to bypass intended SecurityManager
restrictions and read or write to arbitrary application
data or cause a denial of service condition.
(CVE-2016-0763)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top