Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 9.49%
  • Veröffentlicht 26.02.2014 14:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML d...

  • EPSS 9.9%
  • Veröffentlicht 26.02.2014 14:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a cra...

  • EPSS 0.68%
  • Veröffentlicht 15.02.2014 14:57:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain...

  • EPSS 7.2%
  • Veröffentlicht 19.01.2014 18:02:57
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a fi...

Exploit
  • EPSS 2.54%
  • Veröffentlicht 13.11.2013 15:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST met...

  • EPSS 11%
  • Veröffentlicht 01.06.2013 14:21:05
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

  • EPSS 7.15%
  • Veröffentlicht 01.06.2013 14:21:05
  • Zuletzt bearbeitet 29.04.2026 01:13:23

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions,...

Exploit
  • EPSS 6.5%
  • Veröffentlicht 01.06.2013 14:21:05
  • Zuletzt bearbeitet 29.04.2026 01:13:23

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive req...

  • EPSS 11.98%
  • Veröffentlicht 19.12.2012 11:55:54
  • Zuletzt bearbeitet 16.06.2026 23:43:26

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then ...

  • EPSS 9.15%
  • Veröffentlicht 19.12.2012 11:55:54
  • Zuletzt bearbeitet 16.06.2026 23:45:00

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.