Lucene search
K

171 matches found

Apache Tomcat
Apache Tomcat
added 2025/02/10 12:0 a.m.29 views

Fixed in Apache Tomcat 10.1.35

Important: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet - CVE-2025-24813 The original implementation of partial PUT used a temporary file based on the user provided file name and path with the path separator...

10CVSS9.2AI score0.99945EPSS
Exploits47Affected Software1
Amazon
Amazon
added 2025/01/24 12:0 a.m.10 views

Important: tomcat9

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8CVSS7.1AI score0.44312EPSS
Exploits14
Amazon
Amazon
added 2025/01/24 12:0 a.m.9 views

Important: tomcat

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8CVSS6.9AI score0.44312EPSS
Exploits14
RedHat Linux
RedHat Linux
added 2025/01/21 1:19 p.m.6 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

9.8CVSS7.5AI score0.44312EPSS
Exploits13References5
RedHat Linux
RedHat Linux
added 2025/01/21 1:16 p.m.6 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

9.8CVSS7.5AI score0.44312EPSS
Exploits13References5
RedHat Linux
RedHat Linux
added 2025/01/16 7:35 p.m.5 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

9.8CVSS7.5AI score0.44312EPSS
Exploits13References5
RedHat Linux
RedHat Linux
added 2025/01/16 7:34 p.m.29 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

9.8CVSS7.5AI score0.44312EPSS
Exploits13References5
Veracode
Veracode
added 2025/01/03 7:25 p.m.10 views

Time-of-Check Time-of-Use (TOCTOU)

Apache Tomcat is vulnerable to a Time-of-Check Time-of-Use TOCTOU. The vulnerability is due to incomplete mitigation and improper handling of file path canonicalization on case-insensitive file systems when the default servlet write is enabled, which allows an attacker to exploit race conditions ...

9.8CVSS6.9AI score0.44312EPSS
Exploits13References9Affected Software3
OSV
OSV
added 2024/12/20 4:15 p.m.7 views

UBUNTU-CVE-2024-56337

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...

9.8CVSS6.5AI score0.44312EPSS
Exploits13References4
SUSE CVE
SUSE CVE
added 2024/12/18 3:51 a.m.9 views

SUSE CVE-2024-50379

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

7CVSS7AI score0.44312EPSS
Exploits13References11
OSV
OSV
added 2024/12/17 3:31 p.m.2 views

GHSA-5J33-CVVR-W245 Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

9.8CVSS5.8AI score0.44312EPSS
Exploits13References16
OSV
OSV
added 2024/12/17 1:15 p.m.8 views

DEBIAN-CVE-2024-50379

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

9.8CVSS8.5AI score0.44312EPSS
Exploits13References1
Apache Tomcat
Apache Tomcat
added 2024/12/09 12:0 a.m.62 views

Fixed in Apache Tomcat 9.0.98

Important: Remote Code Execution via write enabled Default Servlet. Mitigation for CVE-2024-50379 was incomplete - CVE-2024-56337 The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 9.0.98 or later, users running Tomcat on a case insensitive file system with the...

9.8CVSS8.3AI score0.44312EPSS
Exploits13Affected Software1
Apache Tomcat
Apache Tomcat
added 2024/12/09 12:0 a.m.33 views

Fixed in Apache Tomcat 10.1.34

Important: Remote Code Execution via write enabled Default Servlet. Mitigation for CVE-2024-50379 was incomplete - CVE-2024-56337 The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 10.1.34 or later, users running Tomcat on a case insensitive file system with th...

9.8CVSS8.3AI score0.44312EPSS
Exploits13Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.42 views

Apache Tomcat 9.0.0.M1 < 9.0.12

The version of Tomcat installed on the remote host is prior to 9.0.12. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.12security-9 advisory. - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90...

4.3CVSS6.1AI score0.94494EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.41 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M21

The version of Tomcat installed on the remote host is prior to 9.0.0.M21. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.0.m21security-9 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an err...

7.5CVSS7.9AI score0.16567EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.42 views

Apache Tomcat 8.0.0.RC1 < 8.0.44

The version of Tomcat installed on the remote host is prior to 8.0.44. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.44security-8 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error pag...

7.5CVSS7.9AI score0.16567EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.46 views

Apache Tomcat 7.0.0 < 7.0.78

The version of Tomcat installed on the remote host is prior to 7.0.78. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.78security-7 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error pag...

7.5CVSS7.9AI score0.16567EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.4 views

SUSE CVE-2014-0096

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a...

4.3CVSS6.8AI score0.06905EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.8 views

SUSE CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

9.8CVSS9.5AI score0.99988EPSS
Exploits23References14
Rows per page
Query Builder