15 matches found
CVE-2020-9484
CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2020-13935
CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...
CVE-2021-25329
The CVE-2021-25329 entry is tied to an incomplete fix for CVE-2020-9484 in Apache Tomcat. In affected releases (Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107) a configuration edge case that was deemed highly unlikely could leave the Tomcat instance vulnerab...
CVE-2021-25122
CVE-2021-25122 affects Apache Tomcat across multiple lines: 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61. The issue allows duplicating request headers and a limited amount of request body from one request to another, enabling cross-user visibility of results (information disclosur...
CVE-2020-13934
CVE-2020-13934 affects multiple Apache Tomcat releases (8.5.1–8.5.56, 9.0.x, 10.0.x up to M6) where an h2c direct connection didn’t release the HTTP/1.1 processor after upgrading to HTTP/2, potentially causing OutOfMemoryError and denial of service. Public advisories across vendors and distributi...
CVE-2021-33037
CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...
CVE-2021-42340
The CVE-2021-42340 issue is a memory leak in Apache Tomcat caused by the upgrade HTTP metric collector not releasing WebSocket resources after close. Affected versions include Tomcat 8.5.60–8.5.71, 9.0.40–9.0.53, 10.0.0-M1–10.0.11, and 10.1.0-M1–10.1.0-M5. Over time, this leak can lead to OutOfMe...
CVE-2022-23181
CVE-2022-23181 is a TOCTTOU vulnerability introduced by the fix for CVE-2020-9484 in Apache Tomcat when the server persists sessions using FileStore. It is exploitable by a local attacker who can perform actions with the Tomcat process user privileges. Affected ranges (per the sources) include To...
CVE-2018-1305
Apache Tomcat contains CVE-2018-1305, where security constraints defined by Servlet annotations were only applied after a Servlet load, potentially allowing unauthorized access to resources depending on the order of loading. Affected releases span 7.0.0–7.0.84, 8.0.0.RC1–8.0.49, 8.5.0–8.5.27, and...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2018-1000613
CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...
CVE-2018-1000180
CVE-2018-1000180 affects Bouncy Castle BC 1.54–1.59 (and BC-FJA 1.0.0/1.0.1) with a flaw in the Low-level RSA key pair generator interface that may produce RSA key pairs with fewer Miller–Rabin primality tests than expected. IBM vulnerability bulletins associate this CVE with IBM products (e.g., ...
CVE-2019-17359
The CVE-2019-17359 entry concerns Bouncy Castle Crypto (BC Java) 1.63. The vulnerability lies in the ASN.1 parser, which can trigger a large memory allocation leading to a memory exhaustion/OutOfMemoryError via crafted ASN.1 data. Affected product: BC Java 1.63; fixed in BC Java 1.64. The issue i...
CVE-2019-2538
CVE-2019-2538 is a vulnerability in the Oracle Managed File Transfer (MFT Runtime Server) component of Oracle Fusion Middleware . Affected versions are 19.1.0.0.0 and 12.2.1.3.0 . The issue allows a low-privileged attacker who can access the service over the network via HTTP to compromise MFT, po...