org.apache.tomcat:tomcat-util-scan@8.0.1 vulnerabilities

- latest version: 10.1.24
- latest non vulnerable version:
- first published: 10 years ago
- latest version published: 8 days ago
- licenses detected: [8.0.0-RC10,)
- package manager:
Direct Vulnerabilities
Known vulnerabilities in the org.apache.tomcat:tomcat-util-scan package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version
---|---
org.apache.tomcat:tomcat-util-scan is common code shared by Catalina and Jasper for scanning JARs and processing XML descriptors. Affected versions of this package are vulnerable to Information Exposure. It was discovered that, when a SecurityManager is configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. How to fix Information Exposure? Upgrade. | [8,8.0.37), [8.5.0,8.5.5), [9-alpha,9.0.0.M10)
org.apache.tomcat:tomcat-util-scan is common code shared by Catalina and Jasper for scanning JARs and processing XML descriptors. Affected versions of this package are vulnerable to Arbitrary File Read. Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. How to fix Arbitrary File Read? Upgrade. | [8.0.0,8.0.6)