Lucene search
K

12 matches found

OpenVAS
OpenVAS
added 2024/07/04 12:0 a.m.40 views

Apache Tomcat DoS Vulnerability (Jul 2024) - Windows

Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...

7.5CVSS7.6AI score0.04602EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.44 views

Apache Tomcat 10.1.0-M1 < 10.1.19 Denial Of Service

The version of Apache Tomcat installed on the remote host is 8.5.0 to 8.5.98, 9.0.0-M1 to 9.0.85, 10.1.0-M1 to 10.1.18 or 11.0.0-M1 to 11.0.0-M16. It is, therefore, affected by two denial of service vulnerabilities related to WebSocket connection and HTTP/2 request. Note that the scanner has not...

7.5CVSS7.6AI score0.23072EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2024/03/13 12:0 a.m.32 views

Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Linux

Apache Tomcat is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.4AI score0.23072EPSS
Exploits1References8
OSV
OSV
added 2024/03/06 11:9 a.m.49 views

BIT-TOMCAT-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks

The documentation of Apache Tomcat 10.1.0 to 10.1.0, 10.0.0 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentialit...

7.5CVSS7.1AI score0.73139EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2024/01/11 12:0 a.m.35 views

Oracle Linux 8 : tomcat (ELSA-2024-0125)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0125 advisory. - Open Redirect vulnerability in FORM authentication CVE-2023-41080 - FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 ...

6.1CVSS7.4AI score0.05972EPSS
Exploits2References5
OSV
OSV
added 2023/10/10 5:42 p.m.46 views

CVE-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5.3CVSS6.7AI score0.0216EPSS
Exploits1References8
NVD
NVD
added 2023/08/25 9:15 p.m.28 views

CVE-2023-41080

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may als...

6.1CVSS7AI score0.05972EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.20 views

Apache Tomcat 10.1.0-M1 < 10.1.6 Information Disclosure

The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.86, 9.0.0-M1 prior to 9.0.72, 10.1.0-M1 prior to 10.1.6 or 11.0.0-M1 prior to 11.0.0-M3. It is, therefore, affected by an information disclosure due to the RemoteIpFilter. Note that the scanner has not attempted to...

4.3CVSS7AI score0.01831EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/01/04 12:0 a.m.25 views

Apache Tomcat JsonErrorReportValve Injection Vulnerability (Jan 2023) - Linux

Apache Tomcat is prone to a JsonErrorReportValve injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.6AI score0.02505EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/11/02 12:0 a.m.45 views

Apache Tomcat 10.1.0.M1 < 10.1.1

The version of Tomcat installed on the remote host is prior to 10.1.1. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.1security-10 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configur...

7.5CVSS7AI score0.01448EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/06/24 12:0 a.m.21 views

Apache Tomcat XSS Vulnerability (Jun 2022) - Windows

Apache Tomcat is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

6.1CVSS6.2AI score0.06156EPSS
Exploits0References1
Apache Tomcat
Apache Tomcat
added 2021/10/01 12:0 a.m.48 views

Fixed in Apache Tomcat 10.1.0-M6

Important: Denial of Service CVE-2021-42340 The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could...

7.5CVSS6.8AI score0.10997EPSS
Exploits0Affected Software1
Rows per page
Query Builder