FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371350
Date:      2014-10-22
Time:      08:54:58Z
Committer: matthew

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
553ec4ed-38d6-11e0-94b1-000c29ba66d2  tomcat -- Cross-site scripting vulnerability

The Tomcat security team reports:

The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.


Discovery 2010-11-12
Entry 2011-02-15
Modified 2011-09-30
tomcat
gt 5.5.0 lt 5.5.32

tomcat
gt 6.0.0 lt 6.0.30

tomcat
gt 7.0.0 lt 7.0.6

CVE-2011-0013
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6
7f5ccb1d-439b-11e1-bc16-0023ae8e59f0  tomcat -- Denial of Service

The Tomcat security team reports:

Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.


Discovery 2011-10-21
Entry 2012-01-17
tomcat
gt 5.5.0 lt 5.5.35

tomcat
gt 6.0.0 lt 6.0.34

tomcat
gt 7.0.0 lt 7.0.23

CVE-2012-0022
http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.35
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23
3383e706-4fc3-11df-83fb-0015587e2cc1  tomcat -- information disclosure vulnerability

The Apache software foundation reports:

The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one.

In some circumstances this can expose the local hostname or IP address of the machine running Tomcat.


Discovery 2010-04-22
Entry 2010-04-24
tomcat
gt 5.5.0 lt 5.5.30

gt 6.0.0 lt 6.0.27

CVE-2010-1157
ports/146022
http://seclists.org/bugtraq/2010/Apr/200