Apache Software Foundation TomEE 8.0.6

CPE Details

2021-09-01
16h47 +00:00
2021-09-02
16h46 +00:00

CPE Name: cpe:2.3:a:apache:tomee:8.0.6:*:*:*:*:*:*:*

Information

Vendor: apache
Product: tomee
Version: 8.0.6

Related CVE

CVE ID: CVE-2021-40690
Published: 2021-09-18 22h00 +00:00
Score: 7.5
Severity: High
Description: All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

CVE ID: CVE-2021-33037
Published: 2021-07-12 12h55 +00:00
Score: 5.3
Severity: Medium
Description: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically:
- Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
- Tomcat honoured the identity encoding; and
- Tomcat did not ensure that, if present, the chunked encoding was the final encoding.

CVE ID: CVE-2021-30468
Published: 2021-06-16 10h00 +00:00
Score: 7.5
Severity: High
Description: A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.