Latest apache tomee Vulnerabilities

CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from ...
maven/org.apache.santuario:xmlsec<2.1.7
maven/org.apache.santuario:xmlsec>=2.2.0<2.2.3
Apache Santuario XML Security for Java<2.1.7
Apache Santuario XML Security for Java>=2.2.0<2.2.3
Apache CXF=3.4.4
Apache TomEE<8.0.8
and 70 more
CVE-2021-33037
Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially-crafted HTTP(S) transfer-encoding request header,...
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el8
and 91 more
CVE-2021-30468
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CP...
Apache CXF<3.3.11
Apache CXF>=3.4.0<3.4.4
Apache TomEE=8.0.6
Oracle Business Intelligence=5.5.0.0.0
Oracle Business Intelligence=5.9.0.0.0
Oracle Business Intelligence=12.2.1.3.0
and 12 more
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP ...
Apache TomEE>=1.0.0<=1.7.5
Apache TomEE>=7.0.0<=7.0.8
Apache TomEE>=7.1.0<=7.1.3
Apache TomEE>=8.0.0<=8.0.3
Apache TomEE=7.0.0-m1
Apache TomEE=7.0.0-m2
and 2 more
CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. ...
Apache TomEE>=1.0.0<=1.7.5
Apache TomEE>=7.0.0<=7.0.7
Apache TomEE>=7.1.0<=7.1.2
Apache TomEE>=8.0.0<=8.0.1
Apache TomEE=7.0.0-m1
Apache TomEE=7.0.0-m2
and 2 more
CVE-2019-17569
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vuln...
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el6
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el6
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el7
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el7
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el8
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el8
and 30 more
CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api=1.63
Apache TomEE=7.0.7
Apache TomEE=7.1.2
Apache TomEE=8.0.1
Netapp Active Iq Unified Manager Linux>=7.3
Netapp Active Iq Unified Manager Windows>=7.3
and 28 more
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
redhat/rhvm-dependencies<0:4.4.0-1.el8e
IBM Data Risk Manager<=2.0.6
maven/org.quartz-scheduler:quartz<2.3.2
redhat/quartz<2.3.2
Softwareag Quartz<2.3.2
Oracle Apache Batik Mapviewer=12.2.0.1
and 178 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203