Tomcat@8.0.8 Security Vulnerabilities and Issues — Tomcat@8.0.8 CVE List

Lucene search

ApacheTomcat8.0.8

9 matches found

CVE•added 2016/07/04 10:59 p.m.•340 views

CVE-2016-3092

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

7.8CVSS7.5AI score0.44747EPSS

CVE•added 2017/08/11 2:29 a.m.•307 views

CVE-2017-7674

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

4.3CVSS5.8AI score0.04091EPSS

CVE•added 2017/04/17 4:59 p.m.•303 views

CVE-2017-5647

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This ...

7.5CVSS8.3AI score0.03077EPSS

CVE•added 2017/08/10 10:29 p.m.•297 views

CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn mea...

7.5CVSS7.5AI score0.21596EPSS

CVE•added 2017/04/17 4:59 p.m.•297 views

CVE-2017-5648

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was t...

9.1CVSS9.1AI score0.06455EPSS

CVE•added 2017/03/20 6:59 p.m.•290 views

CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a diffe...

7.1CVSS7.9AI score0.02781EPSS

CVE•added 2015/06/07 11:59 p.m.•214 views

CVE-2014-0230

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted uploa...

7.8CVSS5.5AI score0.06351EPSS

CVE•added 2015/06/07 11:59 p.m.•184 views

CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

5CVSS6.4AI score0.09321EPSS

CVE•added 2015/02/16 12:59 a.m.•145 views

CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks o...

6.4CVSS6.2AI score0.85997EPSS