Уязвимость функции pam_sm_authenticate() модуля аутентификации PAM-PKCS#11 операционных систем Linux, позволяющая нарушителю обойти процедуру аутентификации и получить несанкционированный доступ к защищаемой информации

Уязвимость модуля аутентификации PAM-PKCS#11 операционных систем Linux, позволяющая нарушителю обойти процесс аутентификации

PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now login as user with that created token. The default to *not* check the private key's signature has been changed with commit commi6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`.

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.

Уязвимость сервера приложений Apache Tomcat, связанная с недостатком механизма кодирования или экранирования выходных данных, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость сервера приложений Apache Tomcat, связанная с неполной очисткой временных или вспомогательных ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента компоненте pathInfo URI сервера приложений Apache Tomcat, позволяющая нарушителю обойти существующие ограничения безопасности

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

Apache Tomcat Denial of Service via invalid HTTP priority header

Apache Tomcat Rewrite rule bypass

Apache Tomcat - CGI security constraint bypass