Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 35.93%
  • Veröffentlicht 04.07.2016 22:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (...

  • EPSS 11.3%
  • Veröffentlicht 25.02.2016 01:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh...

  • EPSS 13.08%
  • Veröffentlicht 25.02.2016 01:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric...

  • EPSS 6.23%
  • Veröffentlicht 25.02.2016 01:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut...

  • EPSS 9.21%
  • Veröffentlicht 25.02.2016 01:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protec...

  • EPSS 10.57%
  • Veröffentlicht 25.02.2016 01:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to ...

  • EPSS 18.38%
  • Veröffentlicht 25.02.2016 01:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence o...

  • EPSS 12.56%
  • Veröffentlicht 25.02.2016 01:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.....

  • EPSS 13.87%
  • Veröffentlicht 07.06.2015 23:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker...

  • EPSS 20.32%
  • Veröffentlicht 07.06.2015 23:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (...