Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Secure_global_desktop
(Oracle)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 35 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-02-28 | CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. | Tomcat, Ubuntu_linux, Debian_linux, Fusion_middleware, Hospitality_guest_access, Micros_relate_crm_software, Secure_global_desktop, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_middleware | 5.9 | ||
2018-10-04 | CVE-2018-11784 | When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. | Tomcat, Ubuntu_linux, Debian_linux, Snap_creator_framework, Communications_application_session_controller, Hospitality_guest_access, Instantis_enterprisetrack, Retail_order_broker, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 4.3 | ||
2014-03-18 | CVE-2014-0098 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. | Http_server, Ubuntu_linux, Http_server, Secure_global_desktop | N/A | ||
2014-07-20 | CVE-2014-0226 | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. | Http_server, Debian_linux, Enterprise_manager_ops_center, Http_server, Secure_global_desktop, Jboss_enterprise_application_platform | N/A | ||
2017-06-20 | CVE-2017-3167 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | Http_server, Mac_os_x, Debian_linux, Clustered_data_ontap, Oncommand_unified_manager, Storagegrid, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services | 9.8 |