- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200804-10 (Tomcat: Multiple vulnerabilities)
The following vulnerabilities were reported:
Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or overwrite files (CVE-2007-5342).
When the native APR connector is used, Tomcat does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests (CVE-2007-6286).
If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request (CVE-2008-0002).
An absolute path traversal vulnerability exists due to the way that WebDAV write requests are handled (CVE-2007-5461).
Tomcat does not properly handle double quote (') characters or %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks (CVE-2007-5333).
Impact :
These vulnerabilities can be exploited by:
a malicious web application to add or overwrite files with the permissions of the user running Tomcat.
a remote attacker to conduct session hijacking or disclose sensitive data.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top