Lucene search

2155 matches found

RedhatCVE
added 2023/10/24 3:27 a.m. · 203 views

CVE-2023-45648

A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...

CVSS 5.3 · AI score 5.8 · EPSS 0.62079
Exploits 2 · References 5
Debian
added 2023/10/13 1:58 p.m. · 44 views

[SECURITY] [DLA 3617-1] tomcat9 security update

Debian LTS Advisory DLA-3617-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 13, 2023 https://wiki.debian.org/LTS Package: tomcat9 Version: 9.0.31-1deb10u9 CVE ID: CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648 Several...

CVSS 7.5 · AI score 7 · EPSS 0.9439
Exploits 22
CNVD
added 2023/10/13 12:00 a.m. · 15 views

Apache Tomcat Input Validation Error Vulnerability (CNVD-2024-27498)

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States). It implements Servlet and JavaServer Pages (JSP) support. Apache Tomcat has an input validation error vulnerability that stems from a failure to properly parse HTTP trailer headers, whic...

CVSS 5.3 · AI score 6.6 · EPSS 0.62079
Exploits 2 · References 1
Veracode
added 2023/10/12 11:56 a.m. · 31 views

Request Smuggling

tomcat-coyote is vulnerable to Request Smuggling. This vulnerability exists because the library does not properly validate HTTP trailer headers, which allows an attacker to smuggle requests if the application is behind a reverse proxy...

CVSS 5.3 · AI score 6.8 · EPSS 0.62079
Exploits 2 · References 11 · Affected Software 2
Github Security Blog
added 2023/10/10 9:28 p.m. · 128 views

HTTP/2 Stream Cancellation Attack

HTTP/2 Rapid reset attack. The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way; the client may do it unilaterally. The clie...

CVSS 7.5 · AI score 7.2 · EPSS 0.9439
Exploits 19 · References 190 · Affected Software 12
OSV
added 2023/10/10 7:15 p.m. · 5 views

DEBIAN-CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

CVSS 5.3 · AI score 6.5 · EPSS 0.62079
Exploits 2 · References 1
OSV
added 2023/10/10 7:15 p.m. · 0 views

UBUNTU-CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

CVSS 5.3 · AI score 6.9 · EPSS 0.62079
Exploits 2 · References 7
CNNVD
added 2023/10/10 12:00 a.m. · 5 views

Apache Tomcat Input Validation Error Vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States). It implements Servlet and JavaServer Pages (JSP) support. Apache Tomcat has an input validation error vulnerability that stems from a failure to properly parse HTTP trailer headers, whic...

CVSS 5.3 · AI score 8.9 · EPSS 0.62079
Exploits 2 · References 13
Apache Tomcat
added 2023/10/10 12:00 a.m. · 74 views

Fixed in Apache Tomcat 10.1.14

Important: Request smuggling CVE-2023-45648. Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...

CVSS 7.5 · AI score 7.7 · EPSS 0.9439
Exploits 21 · Affected Software 1
Amazon
added 2023/10/05 12:00 a.m. · 2 views

Important: squid

Issue Overview: An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decod...

CVSS 9.8 · AI score 6.7 · EPSS 0.06184
Exploits 0
Tenable Nessus
added 2023/09/27 12:00 a.m. · 33 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-007)

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-007 advisory. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid...

CVSS 6.5 · AI score 7.4 · EPSS 0.01865
Exploits 1 · References 6
Tenable Nessus
added 2023/09/27 12:00 a.m. · 27 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-002)

The version of tomcat installed on the remote host is prior to 8.5.79-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-002 advisory. If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore...

CVSS 7.5 · AI score 7.1 · EPSS 0.0029
Exploits 0 · References 4
Amazon
added 2023/09/25 12:00 a.m. · 8 views

Important: tomcat

Issue Overview: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat...

CVSS 9.8 · AI score 7 · EPSS 0.94469
Exploits 44
ATTACKERKB
added 2023/09/21 10:15 p.m. · 5 views

CVE-2023-42261

Mobile Security Framework MobSF <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

CVSS 7.5 · AI score 5.8 · EPSS 0.0016
Exploits 1 · References 5
PyPA
added 2023/09/21 10:15 p.m. · 7 views

PYSEC-2023-310

Mobile Security Framework MobSF <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

CVSS 7.5 · AI score 7.1 · EPSS 0.0016
Exploits 1 · References 7 · Affected Software 1
OSV
added 2023/09/21 10:15 p.m. · 4 views

PYSEC-2023-310

Mobile Security Framework MobSF <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

CVSS 7.5 · AI score 7.6 · EPSS 0.0016
Exploits 1 · References 7
NVD
added 2023/09/21 10:15 p.m. · 10 views

CVE-2023-42261

Mobile Security Framework MobSF <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

CVSS 7.5 · AI score 7.7 · EPSS 0.0016
Exploits 1 · References 4
Prion
added 2023/09/21 10:15 p.m. · 15 views

Authentication flaw

DISPUTED: Mobile Security Framework MobSF <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for...

CVSS 5 · AI score 7.7 · EPSS 0.0016
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2023/09/21 12:00 a.m. · 17 views

CVE-2023-42261

Mobile Security Framework MobSF <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

AI score 7.1 · EPSS 0.0016
Exploits 1 · References 4
Cvelist
added 2023/09/21 12:00 a.m. · 14 views

CVE-2023-42261

Mobile Security Framework MobSF <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

AI score 7.9 · EPSS 0.0016
Exploits 1 · References 4