FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 25e0593d-13c0-11e5-9afb-3c970e169bc2
Description: tomcat -- multiple vulnerabilities

Apache Software Foundation reports:

Low: Denial of Service CVE-2014-0230

When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat would swallow. This permitted a limited Denial of Service as Tomcat would never close the connection and a processing thread would remain allocated to the connection.

Moderate: Security Manager bypass CVE-2014-7810

Malicious web applications could use expression language to bypass the protections of a Security Manager as expressions were evaluated within a privileged code section.


Discovery 2015-05-12
Entry 2015-06-16
Modified 2017-03-18

tomcat < 6.0.44
tomcat7 < 7.0.55
tomcat8 < 8.0.9
hadoop2 <= 2.6.0
oozie <= 4.1.0

CVE-2014-0230
CVE-2014-7810
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44

VuXML ID: 5dd39f26-ed68-11e5-92ce-002590263bf5
Description: hadoop2 -- unauthorized disclosure of data vulnerability

Arun Suresh reports:

RPC traffic from clients, potentially including authentication credentials, may be intercepted by a malicious user with access to run tasks or containers on a cluster.


Discovery 2016-02-15
Entry 2016-03-19

hadoop2 >= 2.6, < 2.7

CVE-2015-1776
http://mail-archives.apache.org/mod_mbox/hadoop-general/201602.mbox/browser