Lucene search
K

16 matches found

Amazon
Amazon
added 2025/08/08 12:0 a.m.3 views

Important: tomcat9

Issue Overview: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from...

7.5CVSS6.9AI score0.0196EPSS
Exploits0
OSV
OSV
added 2025/07/25 1:16 p.m.5 views

OESA-2025-1892 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Concurrent Execution using Shar...

7.5CVSS7AI score0.0196EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/07/11 11:21 p.m.4 views

SUSE CVE-2025-52434

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...

5.9CVSS7.1AI score0.01819EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/07/10 9:31 p.m.9 views

Apache Tomcat is vulnerable to resource exhaustion when using the APR/Native connector

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...

7.5CVSS7.1AI score0.01819EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2012/05/21 4:42 p.m.9 views

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS6.1AI score0.00699EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/02/02 10:17 p.m.7 views

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS6.1AI score0.00699EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/01/31 10:56 p.m.8 views

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS6.1AI score0.00699EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/01/31 10:55 p.m.4 views

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...

4.4CVSS6.1AI score0.00699EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/12/05 5:39 p.m.47 views

Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update

Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

7.5CVSS6.4AI score0.15226EPSS
Exploits2References7
Apache Tomcat
Apache Tomcat
added 2011/09/22 12:0 a.m.54 views

Fixed in Apache Tomcat 5.5.34

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

7.5CVSS6.6AI score0.15226EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/08/30 12:0 a.m.21 views

Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities

Binary data 800602.prm...

5CVSS5.1AI score0.07243EPSS
Exploits1References5
securityvulns
securityvulns
added 2011/07/18 12:0 a.m.71 views

[SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-2526: Apache Tomcat Information disclosure and availability vulnerabilities Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.18 Tomcat 6.0.0 to 6.0.32 Tomcat 5.5.0 to 5.0.33 Previous, unsupported...

4.4CVSS5.3AI score0.00699EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2009/06/23 12:0 a.m.27 views

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:136)

Multiple security vulnerabilities has been identified and fixed in tomcat5 : When Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned ...

5CVSS5.9AI score0.9444EPSS
Exploits11References8
Tenable Nessus
Tenable Nessus
added 2008/04/17 12:0 a.m.35 views

GLSA-200804-10 : Tomcat: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200804-10 Tomcat: Multiple vulnerabilities The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or...

6.4CVSS5.6AI score0.62575EPSS
Exploits5References6
Prion
Prion
added 2008/02/12 1:0 a.m.26 views

Server side request forgery (ssrf)

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...

4.3CVSS4.3AI score0.05373EPSS
Exploits1References30Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/02/08 12:0 a.m.44 views

Apache Tomcat 6.0.x < 6.0.16 Information Disclosure

Binary data 4368.pasl...

5.8CVSS5.4AI score0.05057EPSS
Exploits0References2
Rows per page
Query Builder