24 matches found
EUVD-2007-0536
Malware in sbrugna...
EUVD-2010-4588
Malware in sbrugna...
Apache Tomcat 9.0.0.M1 < 9.0.0.M19 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.0.M19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.0.m19security-9 advisory. - In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connecto...
Jenkins Denial of Service vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake...
Denial of service in Apache Tomcat
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing...
Uncontrolled Resource Consumption in Apache Tomcat
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted uploa...
GitHub Security Lab: [Java] CWE-400: Query to detect uncontrolled thread resource consumption
This bug was reported directly to GitHub Security Lab...
Code injection
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each...
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each...
CVE-2016-2094
The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability...
CVE-2016-2094
The vulnerability CVE-2016-2094 affects Tomcat’s HTTPS NIO Connector, where a remote attacker can cause a denial of service by opening a socket and not sending an SSL handshake, triggering a read-timeout and thread consumption. The provided documents describe the vulnerability and impact but do n...
Design/Logic Flaw
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted uploa...
CVE-2014-0230
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted uploa...
CVE-2014-0230
CVE-2014-0230 affects Apache Tomcat: 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9. The issue occurs when an HTTP response is sent before the server finishes reading the entire request body, enabling remote attackers to trigger a denial-of-service via a series of aborted upload attem...
CVE-2014-3661
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake...
CVE-2014-3661
CVE-2014-3661 affects Jenkins before 1.583 and LTS before 1.565.3 and causes a denial of service (thread consumption) through vectors related to a CLI handshake. The connected sources confirm this CVE entry and its description; no additional exploitation details are provided beyond the DoS impact...
CVE-2014-0095
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing...
CVE-2014-0095
Removed by vendor...
Apache Tomcat 8.0.0-RC1 < 8.0.5 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.5security-8 advisory. - Integer overflow in the parseChunkHeader function in...
CVE-2012-4067
Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request...