138 matches found
EUVD-2019-13484
Malware in sbrugna...
EUVD-2019-18377
Malware in sbrugna...
EUVD-2022-4638
Malicious code in bioql PyPI...
SUSE CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update
Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CV...
RHEL 8 / 9 : Red Hat JBoss Web Server 6.0.3 (RHSA-2024:4976)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4976 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
Apache Tomcat 9.0.0.M1 < 9.0.0.M15
The version of Tomcat installed on the remote host is prior to 9.0.0.M15. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.0.m15security-9 advisory. - A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to...
Apache Tomcat 8.0.0.RC1 < 8.0.41
The version of Tomcat installed on the remote host is prior to 8.0.41. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.41security-8 advisory. - A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to...
Apache Tomcat 7.0.0 < 7.0.75
The version of Tomcat installed on the remote host is prior to 7.0.75. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.75security-7 advisory. - A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.7 release and security update
Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...
org.apache.tomcat:tomcat-catalina Vulnerability in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.2, 9.2.3 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CV...
Atlassian Confluence 7.13.15 < 7.13.19 / 7.19.7 < 7.19.11 / 8.1.1 < 8.4.1 DoS (CONFSERVER-90185)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-90185 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded...
SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2023:2505-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2505-1 advisory. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...
Updated tomcat packages fix security vulnerability
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...
MGASA-2023-0191 Updated tomcat packages fix security vulnerability
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...
SUSE SLES12 Security Update : tomcat (SUSE-SU-2023:2318-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2318-1 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.8...
SUSE SLES12 Security Update : tomcat (SUSE-SU-2023:2319-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2319-1 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...
Apache Tomcat 9.0.71 < 9.0.74 Denial Of Service
The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.87, 9.0.71 to 9.0.73, 10.1.5 to 10.1.7 or 11.0.0-M2 to 11.0.0-M4. The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query...