Author: jmm
Date: 2016-10-27 13:24:02 +0000 (Thu, 27 Oct 2016)
New Revision: 45662
Modified: data/CVE/list Log: new tomcat issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-10-27 12:56:25 UTC (rev 45661) +++ data/CVE/list 2016-10-27 13:24:02 UTC (rev 45662) @@ -6371,14 +6371,29 @@ RESERVED CVE-2016-6798 RESERVED -CVE-2016-6797 +CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources] RESERVED -CVE-2016-6796 + - tomcat8 <unfixed> (low) + - tomcat7 <unfixed> (low) + - tomcat6 6.0.41-3 (low) + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs + NOTE: http://markmail.org/message/wrku5orwxfpt5mzl?q=list:org.apache.tomcat.announce/ +CVE-2016-6796 [Apache Tomcat Security Manager Bypass] RESERVED + - tomcat8 <unfixed> (low) + - tomcat7 <unfixed> (low) + - tomcat6 6.0.41-3 (low) + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs + NOTE: http://markmail.org/message/hynaeawxxhpvvctu?q=list:org.apache.tomcat.announce/ CVE-2016-6795 RESERVED -CVE-2016-6794 +CVE-2016-6794 [Apache Tomcat System Property Disclosure] RESERVED + - tomcat8 <unfixed> (low) + - tomcat7 <unfixed> (low) + - tomcat6 6.0.41-3 (low) + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs + NOTE: http://markmail.org/message/zk7w6yly5mviocci?q=list:org.apache.tomcat.announce/ CVE-2016-6793 RESERVED CVE-2015-8954 [suricata: evasion issues] @@ -12908,8 +12923,13 @@ NOT-FOR-US: BIG-IP CVE-2016-5019 (CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through ...) NOT-FOR-US: Apache MyFaces Trinidad -CVE-2016-5018 +CVE-2016-5018 [Apache Tomcat Security Manager Bypass] RESERVED + - tomcat8 <unfixed> (low) + - tomcat7 <unfixed> (low) + - tomcat6 6.0.41-3 (low) + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs + NOTE: http://markmail.org/message/lixw6iyojoxwfizv?q=list:org.apache.tomcat.announce/ CVE-2016-5017 (Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 ...) {DLA-630-1} - zookeeper 3.4.9-1 
@@ -26813,8 +26833,13 @@ - tomcat6 6.0.41-3 NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3 -CVE-2016-0762 +CVE-2016-0762 [Apache Tomcat Realm Timing Attack] RESERVED + - tomcat8 <unfixed> (low) + - tomcat7 <unfixed> (low) + - tomcat6 6.0.41-3 (low) + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs + NOTE: http://markmail.org/message/pzuk6hauzljnm4r7?q=list:org.apache.tomcat.announce/ CVE-2016-0761 RESERVED CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry before ...)
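Review bot: In the hunk at @@ -6371,14 +6371,29 @@, the new entries for CVE-2016-6797, CVE-2016-6796 and CVE-2016-6794 all set tomcat8 and tomcat7 to "<unfixed> (low)", but no NOTE says why the urgency is low. Add a one-line NOTE per entry giving the reason, taken from the linked upstream announcement, so a later triager does not have to reopen the markmail link to confirm the rating. The markmail URLs also carry the search context "?q=list:org.apache.tomcat.announce/"; the message link without the query string would be a cleaner reference.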
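Review bot: In the hunk at @@ -12908,8 +12923,13 @@, CVE-2016-5018 gets the bracketed description "[Apache Tomcat Security Manager Bypass]", which is word for word the description given to CVE-2016-6796 in the first hunk. Two distinct ids with identical descriptions are easy to confuse when searching the list; extend each description with the detail from its announcement that tells the two apart.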
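Review bot: In the hunk at @@ -26813,8 +26833,13 @@, the new CVE-2016-0762 entry records only the announcement link, while the entry in the leading context lines carries "NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3". Add the matching "NOTE: Fixed in ..." line with the upstream versions from the announcement, so the "<unfixed>" markers for tomcat8 and tomcat7 can later be resolved against an upload without rereading the mail. The same applies to the four entries added in the other two hunks.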