- Home
- CVEs with nessus.description==The version of Apache Tomcat installed on the remote host is 6.0.x
prior to 6.0.24. It is, therefore, affected by multiple
vulnerabilities :
- An unspecified flaw exists in the handling of pipelined requests
when 'Sendfile' was used. If sendfile processing completed
quickly, it was possible for the Processor to be added to the
processor cache twice. This could lead to invalid responses or
information disclosure. (CVE-2017-5647)
- An unspecified flaw in error page mechanism of the DefaultServlet
implementation allows a specially-crafted HTTP request to cause
undesired side effects, including the removal or replacement of
the custom error page. (CVE-2017-5664)
- An unspecified flaw affects servlet contexts configured as
readonly=false with HTTP PUT requests allowed. An attacker can
upload a JSP file to that context and execute arbitrary code.
(CVE-2017-12615, CVE-2017-12617)
Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top