-
## Describe the Bug
Multiple high severity vulnerabilities with apache tomcat_tomcat-embed-core - we use Prisma Cloud in our environment to scan our builds, it has detected the following issues with …
-
**Description**
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for ex…
-
When working with a recent snapshot/RC (`5.3.5.80-SNAPSHOT-tomcat9.0-jdk11-openjdk`), I saw some oddities in my logs:
```
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UN…
```
-
Reading file using CVE-2020-1938
```
$ python tomcat.py read_file --webapp=manager /WEB-INF/web.xml 172.17.0.2
```
`--webapp=manager` is not always the case, it might just be omitted.
-
We use KnowageLabs/Knowage-Server-Docker, publish Knowage project on AWS.
![image](https://user-images.githubusercontent.com/43192516/116177948-51b0f400-a747-11eb-829d-43e420ad9d3e.png)
url:https…
-
https://github.com/hypn0s/AJPy
-
Jetty version: 9_4_26
java version: 1.8
Hi Team,
As Jetty 9_4_26 uses Tomcat 8.5.40, there are multiple CVEs reported. Is Jetty 9_4_26 with Tomcat 8.5.40 jars vulnerable to the below CVE…
-
**Slack us first!**
https://owasp.slack.com/archives/C2P5BA8MN/p1627056588112000
Here I describe my problem ^
**Be informative**
I upgraded from 1.15 to 2.0.3
I have deduplication on endpoints…
-
**Vulnerabilities**
DepShield reports that this application's usage of [org.apache.tomcat.embed:tomcat-embed-core:9.0.29](https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tom…
-
Hello,
Since the CVE-2020-1938 vulnerability, Tomcat changed/added some default settings for the AJP connector.
By default, it listens only on localhost and we need to explicitly add "address="{{ tomcat_list…