
25 matches found

Apache Tomcat | added 2024/10/09 12:00 a.m. | 37 views

Fixed in Apache Tomcat 10.1.31

Important: Request and/or response mix-up CVE-2024-52317 Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 146f94f8. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS 9.8 | AI score 7.3 | EPSS 0.06287
Exploits: 2 | Affected software: 1
Apache Tomcat | added 2024/02/19 12:00 a.m. | 50 views

Fixed in Apache Tomcat 11.0.0-M17

Important: Denial of Service CVE-2024-23672 It was possible for a WebSocket client to keep a WebSocket connection open leading to increased resource consumption. This was fixed with commit b0e3b1bd. This issue was identified by the Tomcat Security Team on 17 January 2024. The issue was made publi...

CVSS 7.5 | AI score 7.1 | EPSS 0.23072
Exploits: 1 | Affected software: 1
Apache Tomcat | added 2023/08/25 12:00 a.m. | 49 views

Fixed in Apache Tomcat 11.0.0-M11

Moderate: Open redirect CVE-2023-41080 If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice. This was fixed with commit e3703c9a. This issue was reported ...

CVSS 7.5 | AI score 7.2 | EPSS 0.05972
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2023/08/25 12:00 a.m. | 131 views

Fixed in Apache Tomcat 9.0.80

Moderate: Open redirect CVE-2023-41080 If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice. This was fixed with commit 77c0ce2d. This issue was reported ...

CVSS 6.1 | AI score 6.6 | EPSS 0.05972
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2023/05/19 12:00 a.m. | 42 views

Fixed in Apache Tomcat 10.1.9

Important: Information disclosure CVE-2023-34981 The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SENDHEADERS message would be sent which in turn meant that at least one AJP based proxy...

CVSS 7.5 | AI score 7.3 | EPSS 0.01116
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2023/05/19 12:00 a.m. | 60 views

Fixed in Apache Tomcat 8.5.89

Important: Information disclosure CVE-2023-34981 The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SENDHEADERS message would be sent which in turn meant that at least one AJP based proxy...

CVSS 7.5 | AI score 7.3 | EPSS 0.01116
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2023/04/18 12:00 a.m. | 83 views

Fixed in Apache Tomcat 9.0.74

Moderate: Apache Tomcat denial of service CVE-2023-28709 The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount...

CVSS 7.5 | AI score 7.8 | EPSS 0.51547
Exploits: 1 | Affected software: 1
Apache Tomcat | added 2022/11/14 12:00 a.m. | 152 views

Fixed in Apache Tomcat 9.0.69

Low: Apache Tomcat JsonErrorReportValve injection CVE-2022-45143 The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

CVSS 7.5 | AI score 7.5 | EPSS 0.02505
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2021/10/06 12:00 a.m. | 191 views

Fixed in Apache Tomcat 8.5.72

Important: Denial of Service CVE-2021-42340 The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could...

CVSS 7.5 | AI score 6.8 | EPSS 0.10997
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2020/11/17 12:00 a.m. | 53 views

Fixed in Apache Tomcat 10.0.0-M10

Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...

CVSS 7.5 | AI score 6.9 | EPSS 0.24622
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2019/11/21 12:00 a.m. | 75 views

Fixed in Apache Tomcat 8.5.49

Note: The issue below was fixed in Apache Tomcat 8.0.48 but the release vote for the 8.0.48 release candidate did not pass. Therefore, although users must download 8.0.49 to obtain a version that includes the fix for this issue, version 8.0.48 is not included in the list of affected versions...

CVSS 7 | AI score 7.3 | EPSS 0.37618
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2017/07/01 12:00 a.m. | 52 views

Fixed in Apache Tomcat 8.0.45

Moderate: Cache Poisoning CVE-2017-7674 The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. This was fixed in revision 1795815. The issue was reported as bug 61101 on ...

CVSS 4.3 | AI score 5.9 | EPSS 0.08037
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2017/06/26 12:00 a.m. | 65 views

Fixed in Apache Tomcat 8.5.16

Important: Security Constraint Bypass CVE-2017-7675 The HTTP/2 implementation bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. This was fixed in revision 1796091. The issue was...

CVSS 7.5 | AI score 6.2 | EPSS 0.1014
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2017/05/16 12:00 a.m. | 72 views

Fixed in Apache Tomcat 7.0.78

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

CVSS 7.5 | AI score 7.6 | EPSS 0.16567
Exploits: 1 | Affected software: 1
Apache Tomcat | added 2017/05/10 12:00 a.m. | 60 views

Fixed in Apache Tomcat 9.0.0.M21

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

CVSS 7.5 | AI score 7.6 | EPSS 0.16567
Exploits: 1 | Affected software: 1
Apache Tomcat | added 2017/05/10 12:00 a.m. | 64 views

Fixed in Apache Tomcat 8.5.15

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

CVSS 7.5 | AI score 7.6 | EPSS 0.16567
Exploits: 1 | Affected software: 1
Apache Tomcat | added 2017/04/02 12:00 a.m. | 73 views

Fixed in Apache Tomcat 7.0.77

Important: Information Disclosure CVE-2017-5647 A bug in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong...

CVSS 7.5 | AI score 8.3 | EPSS 0.1684
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2017/03/13 12:00 a.m. | 81 views

Fixed in Apache Tomcat 9.0.0.M18

Low: Information Disclosure CVE-2017-5648 While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to...

CVSS 9.1 | AI score 9.2 | EPSS 0.13225
Exploits: 0 | Affected software: 1
Apache Tomcat | added 2016/01/05 12:00 a.m. | 59 views

Fixed in Apache Tomcat 9.0.0.M3

Moderate: Security Manager bypass CVE-2016-0763 This issue only affects users running untrusted web applications under a security manager. ResourceLinkFactory.setGlobalContext is a public method and was accessible to web applications even when running under a security manager. This allowed a...

CVSS 8.8 | AI score 7.8 | EPSS 0.1838
Exploits: 0 | Affected software: 1
FreeBSD | added 2014/05/23 12:00 a.m. | 39 views

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

AI score 8.3
Exploits: 0 | References: 3