Lucene search: ApacheTomcat

254 matches found

CVE-2023-44487
CVE record, added 2023/10/10 12:00 a.m., 5243 views

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

CVSS 7.5, AI score 8, EPSS 0.944
In wild
CVE-2020-1938
CVE record, added 2020/02/24 9:19 p.m., 4223 views

CVE-2020-1938 (Tomcat AJP vulnerability) : The issue affects Apache Tomcat where the AJP Connector, enabled by default in several legacy releases, could be reached through untrusted networks. An attacker could exploit the configured AJP path to read arbitrary files in the web application and pote...

CVSS 9.8, AI score 9.9, EPSS 0.94469
In wild
CVE-2014-0050
CVE record, added 2014/03/28 7:00 p.m., 1872 views

This CVE affects Apache Commons FileUpload (MultipartStream.java) before version 1.3.1, as used in Apache Tomcat, JBoss Web, and other products. The root cause is a crafted Content-Type header that bypasses the loop exit conditions, allowing remote attackers to trigger an infinite loop and high C...

CVSS 7.5, AI score 7.1, EPSS 0.9265
CVE-2017-12617
CVE record, added 2017/10/03 3:00 p.m., 1562 views

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

CVSS 8.1, AI score 7.5, EPSS 0.9438
In wild
CVE-2017-12615
CVE record, added 2017/09/19 1:00 p.m., 1521 views

CVE-2017-12615 affects Apache Tomcat 7.0.0–7.0.79 on Windows when HTTP PUTs are enabled (readonly=false), allowing an attacker to upload a JSP file that can be executed by the server. Connected documents confirm remote code execution via crafted requests and note remediation through vendor adviso...

CVSS 8.1, AI score 7.4, EPSS 0.94231
In wild
CVE-2020-1935
CVE record, added 2020/02/24 9:11 p.m., 1467 views

CVE-2020-1935 affects Apache Tomcat across multiple branches: 9.0.0.M1–9.0.30, 8.5.0–8.5.50, and 7.0.0–7.0.99. It stems from HTTP header parsing that can mishandle end-of-line and Transfer-Encoding, enabling HTTP Request Smuggling when Tomcat sits behind certain reverse proxies. Impact is informa...

CVSS 5.8, AI score 7.4, EPSS 0.01382
CVE-2019-0232
CVE record, added 2019/04/15 2:23 p.m., 1465 views

CVE-2019-0232 affects Apache Tomcat CGI Servlet when enableCmdLineArguments is enabled, allowing remote code execution via crafted HTTP requests on Windows. Affected: Tomcat 7.0.0–7.0.93, 8.5.0–8.5.39, 9.0.0.M1–9.0.17. The vulnerability stems from how the CGI environment builds command-line param...

CVSS 9.3, AI score 8.1, EPSS 0.94221
In wild, Web
CVE-2020-9484
CVE record, added 2020/05/20 6:26 p.m., 1437 views

CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...

CVSS 7, AI score 7.5, EPSS 0.93464
CVE-2019-17563
CVE record, added 2019/12/23 4:39 p.m., 1234 views

Tomcat CVE-2019-17563: A race-condition in FORM authentication allowed a session-fixation window in Tomcat 9.0.0.M1–9.0.29, 8.5.0–8.5.49, and 7.0.0–7.0.98. The issue is acknowledged as a vulnerability with practical exploitation not detailed in the provided docs. Affected products: Apache Tomcat....

CVSS 7.5, AI score 7.7, EPSS 0.04359
CVE-2022-25762
CVE record, added 2022/05/13 7:50 a.m., 1220 views

CVE-2022-25762 is a concrete vulnerability in Apache Tomcat affecting WebSocket handling. When a WebSocket message is sent concurrently with closing the connection on Tomcat 8.5.0–8.5.75 or 9.0.0.M1–9.0.20, the application may continue to use a socket after it has been closed. The described error...

CVSS 8.6, AI score 8.3, EPSS 0.00646
CVE-2025-24813
CVE record, added 2025/03/10 4:44 p.m., 1163 views

Summary of CVE-2025-24813: A path equivalence issue in Apache Tomcat’s Default Servlet can allow remote code execution and/or information disclosure via uploaded files when writes are enabled and PUT support is misused. Affected are Tomcat 11.0.0-M1–11.0.2, 10.1.0-M1–10.1.34, and 9.0.0.M1–9.0.98...

CVSS 10, AI score 9.3, EPSS 0.9413
In wild, Web
CVE-2023-41080
CVE record, added 2023/08/25 8:39 p.m., 1079 views

CVE-2023-41080 is an Open Redirect vulnerability in Apache Tomcat’s ROOT web application when using FORM authentication. Affected are Tomcat versions across multiple lines: 8.5.0–8.5.92, 9.0.0-M1–9.0.79, 10.0.0-M1–10.0.12, and 11.0.0-M1–11.0.0-M10. The root cause is improper handling of redirect ...

CVSS 6.1, AI score 7.8, EPSS 0.11586
CVE-2016-8735
CVE record, added 2017/04/06 9:00 p.m., 1032 views

CVE-2016-8735 is a remote code execution vulnerability in Apache Tomcat via JmxRemoteLifecycleListener. Affected are Tomcat releases before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12, when JMX ports are reachable. Root cause: JmxRemoteLifecycleListe...

CVSS 9.8, AI score 8, EPSS 0.93802
In wild
CVE-2019-12418
CVE record, added 2019/12/23 5:12 p.m., 990 views

CVE-2019-12418 affects Apache Tomcat 9.0.0.M1–9.0.28, 8.5.0–8.5.47, 7.0.0–7.0.97 when JMX Remote Lifecycle Listener is enabled: a local attacker without Tomcat access can manipulate the RMI registry to perform a MITM and steal credentials to gain full control of the Tomcat instance. Connected adv...

CVSS 7, AI score 7.2, EPSS 0.00481
CVE-2020-13935
CVE record, added 2020/07/14 3:00 p.m., 970 views

CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...

CVSS 7.5, AI score 7.5, EPSS 0.92155
CVE-2024-50379
CVE record, added 2024/12/17 12:34 p.m., 954 views

CVE-2024-50379 is a TOCTOU race condition in JSP compilation on Apache Tomcat that can lead to RCE when the default servlet is writable on case-insensitive file systems. Affected lines include Tomcat 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97 (also some older EOL versions). The issu...

CVSS 9.8, AI score 9, EPSS 0.84587
CVE-2021-25329
CVE record, added 2021/03/01 12:00 p.m., 950 views

The CVE-2021-25329 entry is tied to an incomplete fix for CVE-2020-9484 in Apache Tomcat. In affected releases (Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107) a configuration edge case that was deemed highly unlikely could leave the Tomcat instance vulnerab...

CVSS 7, AI score 7.3, EPSS 0.93464
CVE-2013-4590
CVE record, added 2014/02/26 11:00 a.m., 930 views

CVE-2013-4590 affects Apache Tomcat prior to 6.0.39, 7.x prior to 7.0.50, and 8.x prior to 8.0.0-RC10. The issue is an XML External Entity (XXE) vulnerability that lets an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld document containing an external entity declar...

CVSS 4.3, AI score 8.8, EPSS 0.00662
CVE-2021-25122
CVE record, added 2021/03/01 12:00 p.m., 919 views

CVE-2021-25122 affects Apache Tomcat across multiple lines: 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61. The issue allows duplicating request headers and a limited amount of request body from one request to another, enabling cross-user visibility of results (information disclosur...

CVSS 7.5, AI score 6.9, EPSS 0.02775
CVE-2021-24122
CVE record, added 2021/01/14 2:45 p.m., 873 views

CVE-2021-24122 affects Apache Tomcat across multiple branches (7.0.x, 8.5.x, 9.x, 10.x). Root cause: JSP source disclosure when serving resources from a network/NTFS location due to JRE File.getCanonicalPath() and FindFirstFileW behavior. Affected versions include 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1...

CVSS 5.9, AI score 6.5, EPSS 0.61383
CVE-2018-8014
CVE record, added 2018/05/16 4:00 p.m., 849 views

CVE-2018-8014 affects the default configuration of Tomcat’s CORS filter, where default settings enable supportsCredentials for all origins across multiple releases (9.0.0.M1–9.0.8, 8.5.0–8.5.31, 8.0.0.RC1–8.0.52, 7.0.41–7.0.88). The issue is that environments relying on the default CORS configura...

CVSS 9.8, AI score 8.6, EPSS 0.61177
CVE-2019-10072
CVE record, added 2019/06/21 5:56 p.m., 825 views

CVE-2019-10072 affects Apache Tomcat in the HTTP/2 handling. The documented issue states that the fix for CVE-2019-0199 was incomplete, allowing HTTP/2 connection window exhaustion on write (stream 0). Affected versions: Tomcat 9.0.0.M1–9.0.19 and 8.5.0–8.5.40. Consequence: server-side threads ca...

CVSS 7.5, AI score 7.7, EPSS 0.713
CVE-2019-2684
CVE record, added 2019/04/23 6:16 p.m., 814 views

CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...

CVSS 5.9, AI score 5.7, EPSS 0.01264
CVE-2020-8022
CVE record, added 2020/06/29 8:20 a.m., 812 views

CVE-2020-8022 describes an Incorrect Default Permissions flaw in the tomcat packaging for SUSE-related products (SUSE Enterprise Storage 5, various SLE/SAP/OpenStack Cloud variants, and related SUSE builds). The issue allows a local attacker to escalate from group tomcat to root. Affected Tomcat ...

CVSS 7.8, AI score 7.5, EPSS 0.00187
CVE-2019-0221
CVE record, added 2019/05/28 9:01 p.m., 775 views

CVE-2019-0221 affects Apache Tomcat across multiple major lines (Tomcat 9.0.0.M1–9.0.0.17, 8.5.0–8.5.39, 7.0.0–7.0.93). The underlying issue is that the SSI printenv command echoes user-provided data without escaping, enabling cross-site scripting (XSS). SSI is disabled by default and intended fo...

CVSS 6.1, AI score 6.8, EPSS 0.14481
Web
CVE-2013-6357
CVE record, added 2013/11/13 3:00 p.m., 774 views

CVE-2013-6357 affects the Apache Tomcat Manager application and can enable CSRF to hijack administrator sessions for actions that manipulate deployments via POST requests (notably undeploy via /manager/html/undeploy?path=). It targets Tomcat 5.5.25 and earlier. The description notes that the vend...

CVSS 6.8, AI score 7, EPSS 0.00996
Web
CVE-2024-56337
CVE record, added 2024/12/20 3:28 p.m., 774 views

TOCTOU Race Condition in Apache Tomcat (CVE-2024-56337) affects 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97. The issue stems from a TOCTOU vulnerability during JSP compilation/default servlet write on case-insensitive file systems. Incomplete mitigation previously for CVE-2024-50379; g...

CVSS 9.8, AI score 9.2, EPSS 0.1286
CVE-2020-17527
CVE record, added 2020/12/03 6:30 p.m., 773 views

CVE-2020-17527 affects multiple Apache Tomcat releases where HTTP/2 stream handling could cause information leakage by reusing an HTTP request header value from a previous stream for the next stream. Affected products/versions include Tomcat 10.0.0-M1–M9, 9.0.0-M1–9.0.39, and 8.5.0–8.5.59; the is...

CVSS 7.5, AI score 7.5, EPSS 0.10506
CVE-2013-4286
CVE record, added 2014/02/26 11:00 a.m., 755 views

CVE-2013-4286 affects Apache Tomcat: HTTP/AJP connectors may mishandle inconsistent headers, allowing remote request-smuggling via multiple Content-Length headers or Content-Length with Transfer-Encoding: chunked. Affected: Tomcat 6.x before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3. Ro...

CVSS 5.8, AI score 9.3, EPSS 0.27776
CVE-2020-11996
CVE record, added 2020/06/26 4:27 p.m., 748 views

CVE-2020-11996 affects Apache Tomcat versions 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35, and 8.5.0 to 8.5.55, where a specially crafted sequence of HTTP/2 requests could trigger high CPU and make the server unresponsive. Multiple connected advisories confirm this DoS through HTTP/2 traffic. Publ...

CVSS 7.5, AI score 7.4, EPSS 0.45121
In wild
CVE-2012-5568
CVE record, added 2012/11/30 7:00 p.m., 745 views

CVE-2012-5568 affects Apache Tomcat 7.0.x and enables a remote denial of service via Slowloris-style partial HTTP requests. The vulnerability allows an attacker to keep connections open and exhaust resources, with a CVSS v2 base score of 5.0 in the initial metric (note: other sources list base sc...

CVSS 5, AI score 6.2, EPSS 0.1383
CVE-2024-23672
CVE record, added 2024/03/13 3:48 p.m., 742 views

Summary: CVE-2024-23672 is a Denial of Service vulnerability in Apache Tomcat affecting multiple branches (11.0.0-M1…16, 10.1.0-M1…18, 9.0.0-M1…85, 8.5.0…98) where WebSocket clients could keep connections open, leading to increased resource consumption. The connected documents confirm the root ca...

CVSS 6.3, AI score 7.2, EPSS 0.01435
CVE-2020-13943
CVE record, added 2020/10/12 1:46 p.m., 736 views

CVE-2020-13943 affects Apache Tomcat across multiple lines: 8.5.x (8.5.0–8.5.57), 9.0.x (9.0.0.M1–9.0.37), and 10.0.x (10.0.0-M1–10.0.0-M7). The flaw occurs when an HTTP/2 client exceeds the maximum concurrent streams, causing a subsequent request on the same connection to carry headers from a pr...

CVSS 4.3, AI score 4.7, EPSS 0.12123
CVE-2018-11784
CVE record, added 2018/10/04 1:00 p.m., 735 views

CVE-2018-11784 affects Apache Tomcat: the default servlet could be tricked into generating redirects to arbitrary URIs when handling requests like /foo, enabling open redirect. Affected branches include 9.0.x (9.0.0.M1–9.0.11), 8.5.x (8.5.0–8.5.33), and 7.0.x (7.0.23–7.0.90). Root cause is how th...

CVSS 4.3, AI score 5.1, EPSS 0.82624
CVE-2021-30640
CVE record, added 2021/07/12 2:55 p.m., 735 views

CVE-2021-30640 describes a vulnerability in the JNDI Realm of Apache Tomcat that allows an attacker to authenticate using variations of a valid username and/or bypass some LockOut Realm protections. Affected are Tomcat releases: 10.0.0-M1 through 10.0.5, 9.0.0.M1 through 9.0.45, and 8.5.0 through...

CVSS 6.5, AI score 6.6, EPSS 0.00123
CVE-2023-46589
CVE record, added 2023/11/28 3:31 p.m., 707 views

CVE-2023-46589: Improper input validation in Apache Tomcat allows HTTP trailer headers to exceed the header size limit, causing the server to treat a single request as multiple requests and enabling potential request smuggling when behind a reverse proxy. Affected lines cover Tomcat releases fro...

CVSS 7.5, AI score 7.7, EPSS 0.53163
CVE-2013-4322
CVE record, added 2014/02/26 11:00 a.m., 683 views

CVE-2013-4322 affects Apache Tomcat on multiple branches and is caused by improper handling of chunked transfer encoding trailing headers/extensions, allowing remote DoS by streaming data. Affects Tomcat 6.x up to 6.0.39, 7.x up to 7.0.50, and 8.x up to 8.0.0-RC10, and stems from an incomplete pr...

CVSS 4.3, AI score 9.1, EPSS 0.36275
CVE-2023-28709
CVE record, added 2023/05/22 10:08 a.m., 664 views

The CVE-2023-28709 entry is tied to Apache Tomcat and an incomplete fix for CVE-2023-24998. The issue: when non-default HTTP connector settings allow maxParameterCount to be reached via query string parameters, a request that exactly meets maxParameterCount could bypass the limit for uploaded req...

CVSS 7.5, AI score 7.3, EPSS 0.339
CVE-2022-42252
CVE record, added 2022/11/01 12:00 a.m., 627 views

CVE-2022-42252 affects multiple Tomcat series (8.5.0–8.5.82, 9.0.0-M1–9.0.67, 10.0.0-M1–10.0.26, 10.1.0-M1–10.1.0). The issue: if rejectIllegalHeader is false (default on 8.5.x), Tomcat may fail to reject a request with an invalid Content-Length header, enabling a request-smuggling scenario when ...

CVSS 7.5, AI score 7.6, EPSS 0.0029
CVE-2020-13934
CVE record, added 2020/07/14 2:59 p.m., 619 views

CVE-2020-13934 affects multiple Apache Tomcat releases (8.5.1–8.5.56, 9.0.x, 10.0.x up to M6) where an h2c direct connection didn’t release the HTTP/1.1 processor after upgrading to HTTP/2, potentially causing OutOfMemoryError and denial of service. Public advisories across vendors and distributi...

CVSS 7.5, AI score 7.3, EPSS 0.2338
CVE-2021-33037
CVE record, added 2021/07/12 2:55 p.m., 598 views

CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...

CVSS 5.3, AI score 6.1, EPSS 0.01865
CVE-2018-1336
CVE record, added 2018/08/02 2:00 p.m., 558 views

CVE-2018-1336 applies to Apache Tomcat. It is caused by an overflow in the UTF-8 decoder when handling supplementary characters, which can trigger an infinite loop and cause a Denial of Service. Affected software ranges include Tomcat 9.0.0.M9–9.0.7, 8.5.0–8.5.30, 8.0.0.RC1–8.0.51, and 7.0.28–7....

CVSS 7.5, AI score 7.7, EPSS 0.19427
CVE-2018-8034
CVE record, added 2018/08/01 6:00 p.m., 558 views

CVE-2018-8034 concerns missing host name verification over TLS in the WebSocket client of Apache Tomcat. The issue affects multiple Tomcat branches and versions (7.0.35–7.0.88, 8.0.0.RC1–8.0.52, 8.5.0–8.5.31, 9.0.0.M1–9.0.9). Impact: an attacker on the local network could bypass host name verific...

CVSS 7.5, AI score 7.6, EPSS 0.13337
CVE-2025-31650
CVE record, added 2025/04/28 7:14 p.m., 543 views

CVE-2025-31650 affects Apache Tomcat and describes a DoS via malformed HTTP/2 PRIORITY_UPDATE frames arising from improper input handling. Affects Tomcat 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5 (including older EOL 8.5.x in discussions). Debian/AlmaLinux advisories refere...

CVSS 7.5, AI score 7.8, EPSS 0.2185
CVE-2019-17569
CVE record, added 2020/02/24 9:04 p.m., 537 views

CVE-2019-17569: In Apache Tomcat, a regression from refactoring in 9.0.28–9.0.30, 8.5.48–8.5.50, and 7.0.98–7.0.99 caused invalid Transfer-Encoding header handling, enabling HTTP Request Smuggling behind a misconfigured reverse proxy. Connected advisories show mitigations: Amazon Linux 2 ALAS2TOM...

CVSS 5.8, AI score 7, EPSS 0.06163
CVE-2025-31651
CVE record, added 2025/04/28 7:17 p.m., 484 views

CVE-2025-31651 affects Apache Tomcat and allows bypass of rewrite rules for a subset of unlikely configurations. Affected branches include Tomcat 11.0.0-M1–11.0.5, 10.1.0-M1–10.1.39, and 9.0.0.M1–9.0.102; Debian and Amazon advisories confirm Tomcat9/10 updates addressing this issue. The connected...

CVSS 9.8, AI score 7.3, EPSS 0.00341
CVE-2021-42340
CVE record, added 2021/10/14 7:55 p.m., 474 views

The CVE-2021-42340 issue is a memory leak in Apache Tomcat caused by the upgrade HTTP metric collector not releasing WebSocket resources after close. Affected versions include Tomcat 8.5.60–8.5.71, 9.0.40–9.0.53, 10.0.0-M1–10.0.11, and 10.1.0-M1–10.1.0-M5. Over time, this leak can lead to OutOfMe...

CVSS 7.5, AI score 6.7, EPSS 0.04282
CVE-2025-55752
CVE record, added 2025/10/27 5:29 p.m., 464 views

CVE-2025-55752 describes a Relative Path Traversal in Apache Tomcat introduced by a fix for bug 60013, allowing manipulation of the request URI to bypass protections for /WEB-INF/ and /META-INF/ and, if PUTs are enabled, potentially upload of malicious files leading to remote code execution. Affe...

CVSS 7.5, AI score 7.5, EPSS 0.00274
CVE-2024-52316
CVE record, added 2024/11/18 11:32 a.m., 459 views

CVE-2024-52316 is an Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat uses a custom Jakarta Authentication (JASPIC) ServerAuthContext component that throws during authentication without setting an HTTP failure status, authentication may bypass controls. Affected ranges include ...

CVSS 9.8, AI score 8.7, EPSS 0.01982
CVE-2024-24549
CVE record, added 2024/03/13 3:46 p.m., 457 views

Summary (CVE-2024-24549): Denial of service in Apache Tomcat due to improper input validation for HTTP/2 headers. When an HTTP/2 request exceeds header limits, the HTTP/2 stream is not reset until after all headers are processed, allowing resource exhaustion in affected streams. Affected Tomcat ve...

CVSS 7.5, AI score 7.4, EPSS 0.6439

Total number of security vulnerabilities: 254