Justpentest

**Name of the Vulnerable Software and Affected Versions** KMCIS CaseAware (affected versions not specified) **Description** An issue was discovered in KMCIS CaseAware, where reflected cross-site scripting is present in the `usr` parameter transmitted in the "login.php" query string. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 9.0.0.M1 through 9.0.0.M11 Apache Tomcat versions 8.5.0 through 8.5.6 Apache Tomcat versions 8.0.0.RC1 through 8.0.38 Apache Tomcat versions 7.0.0 through 7.0.72 Apache Tomcat versions 6.0.0 through 6.0.47 **Description** The code in Apache Tomcat that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response, the attacker could poison a web-cache, perform an XSS attack, and/or obtain sensitive information from requests other than their own. **Recommendations** For Apache Tomcat versions 9.0.0.M1 through 9.0.0.M11, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 8.5.0 through 8.5.6, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 8.0.0.RC1 through 8.0.38, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 7.0.0 through 7.0.72, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 6.0.0 through 6.0.47, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the HTTP request line parsing functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Splunk version 6.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. This might be due to a regression of a previously fixed issue. **Recommendations** For Splunk version 6.1.1, consider restricting access to the HTTP Referer Header to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cisco Unified Communications Manager (affected versions not specified) **Description** A directory traversal issue exists in the Tomcat administrative web interface, allowing remote authenticated users to read arbitrary files by using directory traversal sequences in an unspecified input string. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.