Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 7.75%
  • Veröffentlicht 17.04.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to th...

Warnung
  • EPSS 90.34%
  • Veröffentlicht 06.04.2017 21:59:00
  • Zuletzt bearbeitet 21.04.2026 17:03:44

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because...

  • EPSS 0.75%
  • Veröffentlicht 23.03.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debi...

  • EPSS 0.74%
  • Veröffentlicht 23.03.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on D...

  • EPSS 39.63%
  • Veröffentlicht 20.03.2017 18:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also ...

  • EPSS 7.18%
  • Veröffentlicht 14.03.2017 09:59:00
  • Zuletzt bearbeitet 16.04.2026 21:06:47

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different...

  • EPSS 0.69%
  • Veröffentlicht 13.10.2016 14:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging me...

Exploit
  • EPSS 3.78%
  • Veröffentlicht 13.10.2016 14:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging me...

  • EPSS 9.78%
  • Veröffentlicht 03.10.2016 15:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-jav...

  • EPSS 50.9%
  • Veröffentlicht 19.07.2016 02:00:20
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh...