CVEs with nessus.description ==

The remote host is affected by the vulnerability described in GLSA-200804-10 (Tomcat: Multiple vulnerabilities)

The following vulnerabilities were reported:

- Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or overwrite files (CVE-2007-5342).
- When the native APR connector is used, Tomcat does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests (CVE-2007-6286).
- If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request (CVE-2008-0002).
- An absolute path traversal vulnerability exists due to the way that WebDAV write requests are handled (CVE-2007-5461).
- Tomcat does not properly handle double quote (') characters or %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks (CVE-2007-5333).

Impact:

These vulnerabilities can be exploited by:

- a malicious web application to add or overwrite files with the permissions of the user running Tomcat.
- a remote attacker to conduct session hijacking or disclose sensitive data.

Workaround:

There is no known workaround at this time

| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |