Multiple serious vulnerabilities have been found in Apache Tomcat. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions and read arbitrary files. Below is a complete list of vulnerabilities

Affected products:

Apache Tomcat 7 versions 7.0.52 and earlier

Solution:

Update to latest version

Original advisories:

Apache bulletin

Impacts:

DoS

Related products:

Apache Tomcat

CVE-IDS:

CVE-2014-00755.0Critical
CVE-2014-00964.3Warning
CVE-2014-00994.3Warning

References

tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.53

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Apache-Tomcat/

redhat 16

nessus 33

freebsd 1

ubuntu 1

openvas 20

oraclelinux 4

tomcat 3

ibm 32

mageia 1

amazon 2

fedora 1

securityvulns 3

centos 1

threatpost 1

ubuntucve 3

github 3

prion 3

debiancve 3

osv 5

cve 3

f5 6

veracode 2

symantec 1

debian 4

gentoo 1

oracle 3

redhat

(RHSA-2014:0835) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update

2014-07-03 16:53:41

(RHSA-2014:0833) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

2014-07-03 16:52:09

(RHSA-2014:0827) Moderate: tomcat security update

2014-07-02 00:00:00

nessus

Oracle Linux 7 : tomcat (ELSA-2014-0827)

2014-07-24 00:00:00

Apache Tomcat 7.0.x < 7.0.53 Multiple Vulnerabilities

2015-03-02 00:00:00

RHEL 7 : tomcat (RHSA-2014:0827)

2014-07-30 00:00:00

freebsd

tomcat -- multiple vulnerabilities

2014-05-23 00:00:00

ubuntu

Tomcat vulnerabilities

2014-07-30 00:00:00

openvas

Ubuntu: Security Advisory (USN-2302-1)

2014-08-05 00:00:00

Apache Tomcat Multiple Vulnerabilities (Nov 2014)

2014-11-28 00:00:00

RedHat Update for tomcat RHSA-2014:0827-01

2014-07-07 00:00:00

oraclelinux

tomcat security update

2014-07-23 00:00:00

tomcat security update

2014-08-07 00:00:00

tomcat6 security and bug fix update

2014-07-09 00:00:00

tomcat

Fixed in Apache Tomcat 7.0.53

2014-03-30 00:00:00

Fixed in Apache Tomcat 8.0.5

2014-03-27 00:00:00

Fixed in Apache Tomcat 6.0.41

2014-05-23 00:00:00

ibm

Security Bulletin: Apache Tomcat security vulnerability issues on IBM SONAS (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

2018-06-18 00:08:32

Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

2018-06-17 04:56:14

Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

2018-06-18 00:08:28

mageia

Updated tomcat and tomcat6 packages fix security vulnerabilities

2014-06-20 00:30:12

amazon

Medium: tomcat8

2015-05-14 14:40:00

Medium: tomcat7

2015-05-14 14:38:00

fedora

[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21

2015-02-23 08:03:06

securityvulns

Apache Tomcat multiple security vulnerabilities

2014-05-29 00:00:00

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

2014-05-29 00:00:00

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service

2014-05-29 00:00:00

centos

tomcat6 security update

2014-07-09 16:09:49

threatpost

Apache Patches Bugs in Tomcat

2014-05-30 12:31:25

ubuntucve

CVE-2014-0096

2014-05-31 00:00:00

CVE-2014-0099

2014-05-31 00:00:00

CVE-2014-0075

2014-05-31 00:00:00

github

Improper Input Validation in Apache Tomcat

2022-05-14 01:10:18

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

2022-05-14 01:10:18

Integer Overflow or Wraparound in Apache Tomcat

2022-05-14 01:10:19

prion

Xxe

2014-05-31 11:17:00

Integer overflow

2014-05-31 11:17:00

Integer overflow

2014-05-31 11:17:00

debiancve

CVE-2014-0096

2014-05-31 11:17:00

CVE-2014-0099

2014-05-31 11:17:00

CVE-2014-0075

2014-05-31 11:17:00

osv

Improper Input Validation in Apache Tomcat

2022-05-14 01:10:18

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

2022-05-14 01:10:18

tomcat7 - security update

2016-01-17 00:00:00

cve

CVE-2014-0099

2014-05-31 11:17:00

CVE-2014-0096

2014-05-31 11:17:00

CVE-2014-0075

2014-05-31 11:17:00

SOL15432 - Apache Tomcat vulnerability CVE-2014-0099

2014-07-17 00:00:00

K15428 : Apache Tomcat vulnerability CVE-2014-0096

2015-06-13 00:00:00

SOL15428 - Apache Tomcat vulnerability CVE-2014-0096

2014-07-17 00:00:00

veracode

XML External Entity (XXE)

2017-04-07 03:32:44

Denial Of Service (DoS) Resource Consumption

2019-01-15 08:55:33

symantec

SA100 : Apache Tomcat Vulnerabilities

2015-07-23 08:00:00

debian

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DSA 3447-1] tomcat7 security update

2016-01-17 15:47:11

[SECURITY] [DSA 3530-1] tomcat6 security update

2016-03-25 18:47:56

gentoo

Apache Tomcat: Multiple vulnerabilities

2014-12-15 00:00:00

oracle

Oracle Critical Patch Update - July 2014

2014-07-15 00:00:00

Oracle Critical Patch Update - October 2014

2014-10-14 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.038 Low

EPSS

Percentile

91.8%

JSON

Related for KLA10072