CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.019 Low
Percentile: 88.3%
The Apache Tomcat application server vulnerability is related to an incorrect implementation of read/write locking. Exploitation of the vulnerability could allow a remote attacker to cause a concurrency error and force client connections to share an instance of Http11Processor, resulting in responses or portions of responses being received by the wrong client.
The Apache Tomcat application server vulnerability is related to a memory leak that resulted from the fix for bug 63362. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
The Apache Tomcat application server vulnerability is related to a time-of-check to time-of-use (TOCTOU) flaw when session persistence is configured using FileStore. Exploitation of the vulnerability could allow an attacker to perform certain actions that result in bypassing security restrictions and privilege escalation (executing code with Tomcat process privileges).