
20 matches found

OSV
added 2024/03/06 11:9 a.m. | 49 views

BIT-TOMCAT-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks

The documentation of Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentialit...

CVSS 7.5 | AI score 7.1 | EPSS 0.71653
Exploits 5 | References 7
F5 Networks
added 2023/02/21 6:35 p.m. | 39 views

K31573032: Tomcat vulnerability CVE-2020-13943

Security Advisory Description If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made...

CVSS 4.3 | AI score 7.2 | EPSS 0.57286
Exploits 0
OpenVAS
added 2023/02/09 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2023-1341)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.7 | EPSS 0.01448
Exploits 0 | References 2
Tenable Nessus
added 2023/01/05 12:0 a.m. | 51 views

Apache Tomcat 10.0.0-M1 < 10.0.27 Request Smuggling

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0. It is, therefore, affected by a request smuggling vulnerability. If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader t...

CVSS 7.5 | AI score 7.9 | EPSS 0.01448
Exploits 0 | References 2
OpenVAS
added 2022/06/24 12:0 a.m. | 21 views

Apache Tomcat XSS Vulnerability (Jun 2022) - Windows

Apache Tomcat is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 6.1 | AI score 6.2 | EPSS 0.06156
Exploits 0 | References 1
Tenable Nessus
added 2022/06/23 12:0 a.m. | 59 views

Apache Tomcat 10.0.0.M1 < 10.0.23

The version of Tomcat installed on the remote host is prior to 10.0.23. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.23_security-10 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Fo...

CVSS 6.1 | AI score 7.4 | EPSS 0.06156
Exploits 0 | References 3
Github Security Blog
added 2022/05/13 12:1 a.m. | 26 views

Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...

CVSS 7.5 | AI score 7.1 | EPSS 0.71653
Exploits 5 | References 11 | Affected Software 1
OpenVAS
added 2022/05/13 12:0 a.m. | 26 views

Apache Tomcat EncryptInterceptor DoS Vulnerability (May 2022) - Windows

Apache Tomcat is prone to a denial of service (DoS) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...

CVSS 7.5 | AI score 7.5 | EPSS 0.71653
Exploits 5 | References 5
Tenable Nessus
added 2022/05/13 12:0 a.m. | 20 views

Apache Tomcat 10.1.0-M1 < 10.1.0-M15 EncryptInterceptor DoS

The version of Apache Tomcat installed on the remote host is 8.5.38 to 8.5.78, 9.0.13 to 9.0.62, 10.0.0-M1 to 10.0.20 or 10.1.0-M1 to 10.1.0-M14. It is, therefore, affected by a denial of service vulnerability. The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat...

CVSS 7.5 | AI score 7.9 | EPSS 0.71653
Exploits 5 | References 2
Debian CVE
added 2022/05/12 12:0 a.m. | 53 views

CVE-2022-29885

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...

CVSS 7.5 | AI score 8.8 | EPSS 0.71653
Exploits 5
Tenable Nessus
added 2021/10/28 12:0 a.m. | 44 views

F5 Networks BIG-IP : Apache Tomcat vulnerability (K32469285)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K32469285 advisory. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP...

CVSS 5.3 | AI score 7.3 | EPSS 0.75353
Exploits 1 | References 2
Tenable Nessus
added 2021/07/19 12:0 a.m. | 31 views

Apache Tomcat 10.0.0-M1 < 10.0.6 Authentication Weakness

The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.5, 9.0.0.M1 to 9.0.45, 8.5.0 to 8.5.65 or 7.0.0 to 7.0.108. It is, therefore, affected by an authentication weakness due to queries made by the JNDI Realm which did not always correctly escape parameters. Note that the...

CVSS 6.5 | AI score 7 | EPSS 0.09886
Exploits 0 | References 2
Apache Tomcat
added 2021/03/10 12:0 a.m. | 47 views

Fixed in Apache Tomcat 10.0.4

Note: The issue below was fixed in Apache Tomcat 10.0.3 but the release vote for the 10.0.3 release candidate did not pass. Therefore, although users must download 10.0.4 to obtain a version that includes a fix for these issues, version 10.0.3 is not included in the list of affected versions...

CVSS 7.5 | AI score 7.4 | EPSS 0.06687
Exploits 0 | Affected Software 1
Tenable Nessus
added 2021/03/05 12:0 a.m. | 73 views

Apache Tomcat 10.0.0-M1 < 10.0.2 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.1, 9.0.0.M1 to 9.0.42, 8.5.0 to 8.5.62 or 7.0.0 to 7.0.107. It is, therefore, affected by a remote code execution due to an incomplete fix for CVE-2020-9484 and an information disclosure due to request mix-up with h2c...

CVSS 7.5 | AI score 8 | EPSS 0.56636
Exploits 15 | References 3
Tenable Nessus
added 2020/12/18 12:0 a.m. | 37 views

Amazon Linux AMI : tomcat8 (ALAS-2020-1473) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1473 advisory. - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and...

AI score 7.6 | EPSS 0.24622
Exploits 0 | References 3
UbuntuCve
added 2020/10/12 2:15 p.m. | 71 views

CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

CVSS 4.3 | AI score 6.8 | EPSS 0.57286
Exploits 0 | References 5
Cvelist
added 2020/10/12 1:46 p.m. | 48 views

CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

AI score 4.8 | EPSS 0.57286
Exploits 0 | References 7
OpenVAS
added 2020/07/17 12:0 a.m. | 57 views

Apache Tomcat Multiple DoS Vulnerabilities (Jul 2020) - Linux

Apache Tomcat is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 8 | EPSS 0.87553
Exploits 1 | References 5
OpenVAS
added 2020/06/29 12:0 a.m. | 136 views

Apache Tomcat DoS Vulnerability (Jun 2020) - Windows

Apache Tomcat is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if...

CVSS 7.5 | AI score 7.5 | EPSS 0.26699
Exploits 0 | References 1
Apache Tomcat
added 2020/05/11 12:0 a.m. | 65 views

Fixed in Apache Tomcat 10.0.0-M5

Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...

CVSS 7 | AI score 7.8 | EPSS 0.56636
Exploits 15 | Affected Software 1