Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 21.05%
  • Veröffentlicht 16.02.2015 00:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote atta...

  • EPSS 13.99%
  • Veröffentlicht 12.09.2014 01:55:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP f...

  • EPSS 20.06%
  • Veröffentlicht 31.05.2014 11:17:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource ...

  • EPSS 8.49%
  • Veröffentlicht 31.05.2014 11:17:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

  • EPSS 6.91%
  • Veröffentlicht 31.05.2014 11:17:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager...

  • EPSS 8.84%
  • Veröffentlicht 31.05.2014 11:17:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a craf...

  • EPSS 7.62%
  • Veröffentlicht 31.05.2014 11:17:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web a...

Exploit
  • EPSS 83.18%
  • Veröffentlicht 01.04.2014 06:27:51
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that b...

  • EPSS 16.83%
  • Veröffentlicht 26.02.2014 14:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identifi...

  • EPSS 9.46%
  • Veröffentlicht 26.02.2014 14:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field...