Apache tomcat 8 and install

11/28/2023

When I upgraded my JSS to 9.93, our Security team hit me up indicating the following vulnerabilities.

Vulnerable Version: Apache Software Foundation: Apache Portable Runtime version prior to 0.9.19 and APR Utility versions prior to 0.9.19, Apache 2.2.16 and prior, Apache 2.0.63 and prior

Title: Multiple Vendor Expat "big2_toUtf8" Buffer Over-Read DoS Vulnerability

Description: Remote exploitation of a design error vulnerability in Expat, as included in various vendors' operating system distributions, could allow attackers to create a denial of service (DoS) condition on the targeted host.

Will the JSS support the latest Apache build?

```
2 01:50:14.697 INFO .VersionLoggerListener.log Server version name: Apache Tomcat/9.0.43
01:50:14.707 INFO .VersionLoggerListener.log Server built: 20:25:45 UTC
01:50:14.707 INFO .VersionLoggerListener.log Server version number: 9.0.43.0
01:50:14.707 INFO .VersionLoggerListener.log OS Name: Windows Server 2016
01:50:14.707 INFO .VersionLoggerListener.log OS Version: 10.0
01:50:14.707 INFO .VersionLoggerListener.log Architecture: amd64
01:50:14.707 INFO .VersionLoggerListener.log Java Home: C:\Program Files\Java\jdk-15.0.2
01:50:14.707 INFO .VersionLoggerListener.log JVM Version: 15.0.2+7-27
01:50:14.707 INFO .VersionLoggerListener.log JVM Vendor: Oracle Corporation
01:50:14.707 INFO .VersionLoggerListener.log CATALINA_BASE: C:\Program Files\Apache Software Foundation\Tomcat 9.0
01:50:14.707 INFO .VersionLoggerListener.log CATALINA_HOME: C:\Program Files\Apache Software Foundation\Tomcat 9.0
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: =C:\Program Files\Apache Software Foundation\Tomcat 9.0
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: -Dcatalina.base=C:\Program Files\Apache Software Foundation\Tomcat 9.0
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=C:\Program Files\Apache Software Foundation\Tomcat 9.0\temp
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: =
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: .file=C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\logging.properties
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: -add-opens=java.base/java.lang=ALL-UNNAMED
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: -add-opens=java.base/java.io=ALL-UNNAMED
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: -add-opens=java.rmi/=ALL-UNNAMED
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: exit
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: abort
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: -Xms128m
01:50:14.730 INFO .VersionLoggerListener.log Command line argument: -Xmx256m
01:50:14.730 INFO .AprLifecycleListener.lifecycleEvent The Apache Tomcat Native library which allows using OpenSSL was not found on the :
01:50:15.194 INFO .init Initializing ProtocolHandler
01:50:15.319 INFO .Catalina.load Server initialization in milliseconds
01:50:15.382 INFO .StandardService.startInternal Starting service
01:50:15.382 INFO .StandardEngine.startInternal Starting Servlet engine:
01:50:15.429 INFO .ployWAR Deploying web application archive
01:50:36.120 INFO .TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
```