Publish Advisories
advisory-database[bot] committed Jul 13, 2022
1 parent 8f7f0ac commit 23b6b25
Showing 5 changed files with 249 additions and 120 deletions.
@@ -1,17 +1,74 @@
{
"schema_version": "1.2.0",
"id": "GHSA-3p86-xgrq-m6p6",
"modified": "2022-05-03T03:25:09Z",
"modified": "2022-07-13T17:10:43Z",
"published": "2022-05-03T03:25:09Z",
"aliases": [
"CVE-2011-0013"
],
"summary": "Improper Neutralization of Input During Web Page Generation in Apache Tomcat",
"details": "Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.",
"severity": [

],
"affected": [

{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "5.5.0"
},
{
"fixed": "5.5.32"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.30"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.6"
}
]
}
]
}
],
"references": [
{
Expand Down Expand Up @@ -50,10 +107,6 @@
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19269"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
Expand All @@ -74,18 +127,6 @@
"type": "WEB",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43192"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/45022"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57126"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/8093"
Expand Down Expand Up @@ -114,10 +155,6 @@
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2160"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:030"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0791.html"
Expand All @@ -133,29 +170,13 @@
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/516209/30/90/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46174"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025026"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0376"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false
"github_reviewed": true
}
}
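Review bot: All three `affected` entries in this section use `"name": "org.apache.tomcat:tomcat"`, but `details` places the flaw in the HTML Manager Interface, and as far as I can tell builds normally depend on Tomcat's component artifacts (for example `org.apache.tomcat:tomcat-catalina`) rather than on that coordinate. A dependency scanner that matches on `package.name` may therefore never flag an affected application. Please confirm which published artifact carries the Manager code for each of the 5.5, 6.0 and 7.0 lines and list that coordinate. The second file section (GHSA-c57p-3v2g-w9rg) uses the same coordinate and needs the same check. Separately, `severity` is an empty array while `database_specific.severity` is `MODERATE`, so the record holds no vector backing the rating.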
@@ -1,17 +1,74 @@
{
"schema_version": "1.2.0",
"id": "GHSA-c57p-3v2g-w9rg",
"modified": "2022-05-14T01:17:03Z",
"modified": "2022-07-13T17:26:44Z",
"published": "2022-05-14T01:17:03Z",
"aliases": [
"CVE-2011-2204"
],
"details": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.",
"summary": "Insertion of Sensitive Information into Log File in Apache Tomcat",
"details": "Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.\n\nThis issue was fixed in Apache Tomcat 7.0.17 but the release votes for the 7.0.17 and 7.0.18 release candidates did not pass. Therefore, users must download 7.0.19 to obtain a version that includes a fix.",
"severity": [

],
"affected": [

{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "5.5.0"
},
{
"fixed": "5.5.34"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.33"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.19"
}
]
}
]
}
],
"references": [
{
Expand Down Expand Up @@ -50,10 +107,6 @@
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2"
Expand All @@ -70,18 +123,6 @@
"type": "WEB",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44981"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48308"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57126"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1025712"
Expand All @@ -106,28 +147,21 @@
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2401"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:156"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/73429"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1845.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/48456"
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
}
],
"database_specific": {
"cwe_ids": [
"CWE-200"
"CWE-200",
"CWE-532"
],
"severity": "LOW",
"github_reviewed": false
"severity": "MODERATE",
"github_reviewed": true
}
}
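Review bot: `database_specific.severity` appears to change from `LOW` to `MODERATE` at the end of this section while the top-level `severity` array stays empty, so the record carries no CVSS vector explaining the higher rating. The `details` text still describes local users reading passwords from a log file, so a consumer who triages on severity cannot tell what changed in the assessment. Adding a scored entry such as `{"type": "CVSS_V3", "score": "<CVSS vector>"}` (placeholder value) would make the basis visible. The new `"fixed": "7.0.19"` does agree with the amended `details` paragraph about the failed 7.0.17 and 7.0.18 release votes.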
@@ -1,17 +1,36 @@
{
"schema_version": "1.2.0",
"id": "GHSA-gw85-4gmf-m7rh",
"modified": "2022-05-17T05:39:03Z",
"modified": "2022-07-13T17:20:15Z",
"published": "2022-05-17T05:39:03Z",
"aliases": [
"CVE-2011-1498"
],
"summary": "Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient",
"details": "Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.",
"severity": [

],
"affected": [

{
"package": {
"ecosystem": "Maven",
"name": "org.apache.httpcomponents:httpclient"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.1"
}
]
}
]
}
],
"references": [
{
Expand Down Expand Up @@ -61,25 +80,13 @@
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/8298"
},
{
"type": "WEB",
"url": "http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/153049"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46974"
}
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"severity": "MODERATE",
"github_reviewed": false
"github_reviewed": true
}
}
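Review bot: The added range starts at `"introduced": "4.0.0"`, while `details` says "4.x before 4.1.1". Under Maven version ordering any pre-release 4.0 builds of `org.apache.httpcomponents:httpclient` (alpha or beta qualifiers, if published) sort below 4.0.0 and fall outside the range. If those builds also send the Proxy-Authorization header to the origin server, scanners will report them as unaffected. Please confirm whether they are affected; if so, `"introduced": "0"` would cover them, and if not, a sentence in `details` saying so would remove the ambiguity.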
