9 matches found
BIT-TOMCAT-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks
The documentation of Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentialit...
Apache Tomcat 10.0.0-M1 < 10.0.27 Request Smuggling
The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0. It is, therefore, affected by a request smuggling vulnerability. If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader t...
Apache Tomcat XSS Vulnerability (Jun 2022) - Windows
Apache Tomcat is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Apache Tomcat 10.0.0.M1 < 10.0.23
The version of Tomcat installed on the remote host is prior to 10.0.23. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.0.23security-10 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Fo...
Apache Tomcat 10.1.0-M1 < 10.1.0-M15 EncryptInterceptor DoS
The version of Apache Tomcat installed on the remote host is 8.5.38 to 8.5.78, 9.0.13 to 9.0.62, 10.0.0-M1 to 10.0.20 or 10.1.0-M1 to 10.1.0-M14. It is, therefore, affected by a denial of service vulnerability. The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat...
Apache Tomcat 10.0.0-M1 < 10.0.6 Authentication Weakness
The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.5, 9.0.0.M1 to 9.0.45, 8.5.0 to 8.5.65 or 7.0.0 to 7.0.108. It is, therefore, affected by an authentication weakness due to queries made by the JNDI Realm which did not always correctly escape parameters. Note that the...
Fixed in Apache Tomcat 10.0.4
Note: The issue below was fixed in Apache Tomcat 10.0.3 but the release vote for the 10.0.3 release candidate did not pass. Therefore, although users must download 10.0.4 to obtain a version that includes a fix for these issues, version 10.0.3 is not included in the list of affected versions...
Apache Tomcat Multiple DoS Vulnerabilities (Jul 2020) - Linux
Apache Tomcat is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Tomcat DoS Vulnerability (Jun 2020) - Windows
Apache Tomcat is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if...