22 matches found

OSV | added 2026/05/18 8:57 a.m. | 6 views

BIT-TOMCAT-2025-52434 Apache Tomcat: APR/Native Connector crash leading to DoS

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0 through...

CVSS 7.5 | AI score 7.3 | EPSS 0.01819 | Exploits: 0 | References: 4
Tenable Nessus | added 2024/07/12 12:00 a.m. | 46 views

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Session fixation when using FORM authentication CVE-2019-17563 - tomcat: JsonErrorReportValve...

CVSS 7.5 | AI score 7.8 | EPSS 0.87553 | Exploits: 25 | References: 17
Tenable Nessus | added 2024/05/23 12:00 a.m. | 34 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M18

The version of Tomcat installed on the remote host is prior to 9.0.0.M18. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.0.m18security-9 advisory. - While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat...

CVSS 9.1 | AI score 7.9 | EPSS 0.13225 | Exploits: 0 | References: 3
Tenable Nessus | added 2024/05/11 12:00 a.m. | 25 views

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - The HTTP/2 implementation in Apache...

AI score 8.1 | EPSS 0.72855 | Exploits: 5 | References: 2
Tenable Nessus | added 2024/02/21 12:00 a.m. | 17 views

Apache Tomcat 9.0.0-M11 < 9.0.44 Request Smuggling

The version of Apache Tomcat installed on the remote host is 8.5.7 to 8.5.63 and 9.0.0-M11 to 9.0.43. It is, therefore, affected by a request smuggling vulnerability. Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported...

CVSS 5.3 | AI score 7.4 | EPSS 0.14286 | Exploits: 3 | References: 2
Exploit DB | added 2021/07/13 12:00 a.m. | 760 views

Apache Tomcat 9.0.0.M1 - Open Redirect

Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect Date: 10/04/2018 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 CVE : CVE-2018-11784 Proof of Concept: Identify a subfolder within your application http://example.com/test/...

CVSS 4.3 | AI score 5.7 | EPSS 0.94494 | Exploits: 3
Packet Storm | added 2021/07/12 12:00 a.m. | 365 views

Apache Tomcat 9.0.0.M1 Cross Site Scripting

Exploit Title: Apache Tomcat 9.0.0.M1 - Cross-Site Scripting XSS Date: 05/21/2019 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 CVE : CVE-2019-0221 Requirements: SSI support must be enabled within Apache Tomcat. SSI support is no...

CVSS 4.3 | AI score 7 | EPSS 0.45571 | Exploits: 3
Tenable Nessus | added 2020/12/09 12:00 a.m. | 66 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : tomcat Vulnerability (NS-SA-2020-0085)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tomcat packages installed that are affected by a vulnerability: - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having...

CVSS 9.8 | AI score 8.6 | EPSS 0.9927 | Exploits: 45 | References: 2
Cvelist | added 2020/10/12 1:46 p.m. | 48 views

CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

AI score 4.8 | EPSS 0.57286 | Exploits: 0 | References: 7
Tenable Nessus | added 2020/08/14 12:00 a.m. | 33 views

Apache Tomcat 9.0.0.M1 < 9.0.37 Denial of Service

The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 or 7.0.0 to 7.0.104. It is, therefore, affected by two denial of service vulnerabilities via WebSocket frame and HTTP/2 requests. Note that the scanner has not attempted to...

CVSS 7.5 | AI score 8.1 | EPSS 0.87553 | Exploits: 1 | References: 3
Github Security Blog | added 2020/06/15 6:51 p.m. | 336 views

Improper Privilege Management in Tomcat

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

CVSS 9.8 | AI score 9.3 | EPSS 0.9927 | Exploits: 45 | References: 92 | Affected Software: 1
Tenable Nessus | added 2020/03/16 12:00 a.m. | 67 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1352)

The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...

CVSS 9.8 | AI score 8.6 | EPSS 0.9927 | Exploits: 45 | References: 7
Debian CVE | added 2019/12/23 4:39 p.m. | 55 views

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

CVSS 7.5 | AI score 7.7 | EPSS 0.10687 | Exploits: 0
Tenable Nessus | added 2019/07/10 12:00 a.m. | 41 views

Apache Tomcat 9.0.0.M1 < 9.0.20 Denial of Service

The version of Apache Tomcat installed on the remote host is 9.0.0.M1 to 9.0.19 or 8.5.0 to 8.5.40. It is, therefore, affected by a denial of service vulnerability due to an incomplete fix for CVE-2019-0199 which did not address HTTP/2 connection window exhaustion on write. Note that the scanner...

CVSS 7.5 | AI score 6.8 | EPSS 0.72988 | Exploits: 0 | References: 2
OpenVAS | added 2018/07/24 12:00 a.m. | 334 views

Apache Tomcat 'UTF-8 Decoder' Denial of Service Vulnerability - Windows

Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVSS 7.5 | AI score 7.8 | EPSS 0.20599 | Exploits: 0 | References: 4
Tenable Nessus | added 2018/07/13 12:00 a.m. | 429 views

Apache Tomcat 8.0.0.RC1 < 8.0.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.53security-8 advisory. - The host name verification when using TLS with the WebSocket client was missing. It is now enabled by...

CVSS 9.8 | AI score 7.7 | EPSS 0.21979 | Exploits: 0 | References: 5
Saint | added 2017/10/13 12:00 a.m. | 21 views

Apache Tomcat PUT method JSP upload

Added: 10/13/2017 BID: 100954 Background Apache Tomcat is a Java web application platform. Problem A vulnerability in Apache Tomcat allows remote attackers to execute arbitrary commands by using the PUT method to upload a JSP file, and then requesting that file. Resolution Upgrade to Apache Tomca...

AI score 8.4 | Exploits: 0
Debian CVE | added 2017/08/11 2:00 a.m. | 26 views

CVE-2017-7675

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL...

CVSS 7.5 | AI score 7.6 | EPSS 0.1014 | Exploits: 0
OSV | added 2017/06/06 2:29 p.m. | 43 views

CVE-2017-5664

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...

CVSS 7.5 | AI score 7.5 | Exploits: 0 | References: 38
Tenable Nessus | added 2017/04/21 12:00 a.m. | 56 views

Amazon Linux AMI : tomcat6 (ALAS-2017-821)

Incorrect handling of pipelined requests when send file was used : A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lo...

CVSS 7.5 | AI score 7.8 | EPSS 0.1684 | Exploits: 0 | References: 2