Micro Focus Security Bulletin MFSBGN03830 1 - A potential security vulnerability has been identified with Service Manager. The vulnerability could be exploited to allow unauthorized disclosure of information. Revision 1 of this advisory.
312bd5ed0489a89246ba2b5ecfb83673c64e6c1a8206a2ec696c39733a9ff23a
Micro Focus Security Bulletin MFSBGN03813 1 - Potential vulnerabilities have been identified in Micro Focus Autopass License Server (APLS) and Container Deployment Foundation (CDF), available as part of Micro Focus Network Operations Management (NOM) Suite CDF. The vulnerabilities could be exploited to allow Remote Code Execution. Revision 1 of this advisory.
e0f22b9b84fc8081355ec2a3d521b33a94614093adcf2b9bd77407a8160b1634
Ubuntu Security Notice 3519-1 - It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
38382610e11f924ba68fd9e1ac30126f36e4138680f20e49f3193dccf7392465
Red Hat Security Advisory 2017-3081-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
5ee983090f72ece9f5cb9792f0c4f5e3483212e72951bcc2f52b90e4f854419f
Red Hat Security Advisory 2017-3080-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.
72e971421dc578d94992998ea2583fa3d26096b02f8d1943c478536a76eccf76
Red Hat Security Advisory 2017-2493-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.
433eb5a4ba8c2a4ffb2b9fdb5aae2ede9d17adb9eef7d9ad9f509286e86517e5
Red Hat Security Advisory 2017-2494-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2.
5df0cde009ea76fc4d097ec8af7d6914e065e0eb2e8b377de3486c9be15a06b4
Red Hat Security Advisory 2017-1802-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.
1602567b2941f8a71630e044ec64baa8da301c97999fda6d0db02fe7640f5043
Red Hat Security Advisory 2017-1801-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.
4845740ebc70babce611a556483d39dc408012eba864ad9958098ff60f729ef5
HPE Security Bulletin HPESBHF03730 2 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 2 of this advisory.
1c68d7665ce163cfc88b5794bc70ac143cf7ec06283e0cdded0598de1c32fea7
HPE Security Bulletin HPESBHF03730 1 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of this advisory.
2e54f155f6a6a7798dfeaf9418f020bd83703cdf9426cfeb5c27c907c8e60a72
Gentoo Linux Security Advisory 201705-9 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to privilege escalation. Versions less than 8.0.36 are affected.
32a00eece0fedfca7e3d14c18c552d78e1bb762223bc097962ee70ea1c994b64
Debian Linux Security Advisory 3843-1 - Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine.
36b73d37d4ac232d779acc48057f8c4763d48863342cb9d845dc45730f641a70
Debian Linux Security Advisory 3842-1 - Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine.
84181250c09b447af8290f314336cc965b96a6bfa3a093531e511eccf9932c3b