Ubuntu Security Notice 4557-1 - It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
9f854df2f31b73d069aea8b610b051dd4715b779d998975ff90093312a237d8bRed Hat Security Advisory 2017-2247-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a later upstream version: tomcat. Security Fix: The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
28ecc46e08ed2b7c979a1d7c62817c76de3fec2f53c823ecfaaac34707e0b9d8Red Hat Security Advisory 2017-0457-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.
7b6d937a7363eb3534a17e5753987b42852580f1bf77ab54d81316639581af8aRed Hat Security Advisory 2017-0456-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.
439006faa54fcb1a99274f4917c65ee29688301c270ba766630fe134a170fcffRed Hat Security Advisory 2017-0455-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.
229900bcc01d582272cfb12959e445a23c0cd6ee8d637f7acf5f7769ec2c427dUbuntu Security Notice 3177-2 - USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
57a72bb771cc2225db7906a9c2ff594538c87f4e7e8aaf43d8de9b80f0774ac5Ubuntu Security Notice 3177-1 - It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
2713577ab03cb9b5c070b7a23a9b0c6daedc179f766b08f40cfeaa05ec2a47d5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed