You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think there's a misinterpretation of the web server header / banner: Server: Apache-Coyote/1.1 . To my knowledge all version of Tomcat and friends have that banner.
Issue detail
The following vulnerabilities for software Apache Coyote (Tomcat) - 1.1 found:
CVE-2013-4286 - 5.8 - CVE-2013-4286 Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification...
CVE-2013-4590 - 4.3 - CVE-2013-4590 Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML documen...
[..]
CVE-2005-2090 - 4.3 - CVE-2005-2090 Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a...
[..]
Cheers, Dirk
The text was updated successfully, but these errors were encountered:
Hi,
thx for your tremendously useful software.
I think there's a misinterpretation of the web server header / banner:
Server: Apache-Coyote/1.1. To my knowledge all version of Tomcat and friends have that banner.Cheers, Dirk
The text was updated successfully, but these errors were encountered: