
12 matches found

Debian CVE
added 2019/12/23 4:39 p.m., 55 views

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

CVSS 7.5 | AI score 7.7 | EPSS 0.10687
Exploits: 0

Tenable Nessus
added 2019/01/11 12:0 a.m., 62 views

Apache Tomcat 7.0.0 < 7.0.2

The version of Tomcat installed on the remote host is prior to 7.0.2. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.2_security-7 advisory. - Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid...

CVSS 6.4 | AI score 5.5 | EPSS 0.54779
Exploits: 2 | References: 3

Tenable Nessus
added 2018/11/29 12:0 a.m., 90 views

FreeBSD : payara -- Code execution via crafted PUT requests to JSPs (22bc5327-f33f-11e8-be46-0019dbb15b3f)

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

CVSS 8.1 | AI score 8.4 | EPSS 0.99607
Exploits: 18 | References: 2

Tenable Nessus
added 2018/11/05 12:0 a.m., 18 views

Apache Tomcat 7.0.0 < 7.0.85 Security Constraint Weakness

The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.85. It is, therefore, affected by a security constraints flaw which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 6.5 | AI score 7.3 | EPSS 0.17716
Exploits: 2 | References: 3

Tenable Nessus
added 2017/10/11 12:0 a.m., 716 views

Apache Tomcat 7.0.0 < 7.0.82

The version of Tomcat installed on the remote host is prior to 7.0.82. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.82_security-7 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...

CVSS 8.1 | AI score 7.8 | EPSS 0.99988
Exploits: 23 | References: 6

myhack58
added 2015/05/07 12:0 a.m., 26 views

Tomcat full system packet DoS denial of service vulnerability CVE-2014-0230 - vulnerability warning - the black bar safety net

A DoS (denial of service) vulnerability in Tomcat has been disclosed as CVE-2014-0230. The vulnerability risk level is LOW. Affected versions include: - Apache Tomcat 8.0.0-RC1 to 8.0.8 - Apache Tomcat 7.0.0 to 7.0.54 - Apache Tomcat 6.0.0 to 6.0.43 The problem occurs in with the...

AI score 2.2
Exploits: 0

securityvulns
added 2015/02/23 12:0 a.m., 138 views

[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling

CVE-2014-0227 Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.8 - Apache Tomcat 7.0.0 to 7.0.54 - Apache Tomcat 6.0.0 to 6.0.41 Description: It was possible to craf...

CVSS 6.4 | AI score 6.3 | EPSS 0.21045
Exploits: 0

securityvulns
added 2013/05/10 12:0 a.m., 102 views

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.29 - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitted...

CVSS 5 | EPSS 0.11001
Exploits: 1

OpenVAS
added 2011/09/09 12:0 a.m., 31 views

Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Apache Tomcat is prone to a remote information-disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.4 | AI score 4.7 | EPSS 0.00699
Exploits: 1 | References: 6

OpenVAS
added 2011/09/08 12:0 a.m., 37 views

Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability

Apache Tomcat is prone to a remote information-disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 1.9 | AI score 4.8 | EPSS 0.00668
Exploits: 0 | References: 5

UbuntuCve
added 2011/02/10 12:0 a.m., 29 views

CVE-2010-3718

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...

CVSS 1.2 | AI score 6.3 | EPSS 0.01353
Exploits: 1 | References: 5

securityvulns
added 2011/02/08 12:0 a.m., 124 views

[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability

CVE-2011-0534 Apache Tomcat DoS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.6 - Tomcat 6.0.0 to 6.0.30 Description: Tomcat did not enforce the maxHttpHeaderSize limit while...

CVSS 5 | AI score 0.2 | EPSS 0.07885
Exploits: 0