Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht Exploit
  • EPSS 66.54%
  • Veröffentlicht 27.10.2025 17:29:56
  • Zuletzt bearbeitet 12.05.2026 13:17:22

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite quer...

Medienbericht
  • EPSS 9.92%
  • Veröffentlicht 27.10.2025 17:29:50
  • Zuletzt bearbeitet 12.05.2026 13:17:22

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported AN...

  • EPSS 0.78%
  • Veröffentlicht 13.08.2025 13:21:35
  • Zuletzt bearbeitet 04.11.2025 22:16:30

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are r...

  • EPSS 3.39%
  • Veröffentlicht 13.08.2025 12:11:26
  • Zuletzt bearbeitet 12.05.2026 13:17:20

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.1...

  • EPSS 1.9%
  • Veröffentlicht 10.07.2025 19:14:23
  • Zuletzt bearbeitet 04.11.2025 22:16:21

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0....

  • EPSS 1.96%
  • Veröffentlicht 10.07.2025 19:05:41
  • Zuletzt bearbeitet 04.11.2025 22:16:20

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.4...

Medienbericht
  • EPSS 1.82%
  • Veröffentlicht 10.07.2025 19:03:47
  • Zuletzt bearbeitet 04.11.2025 22:16:20

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This...

  • EPSS 0.35%
  • Veröffentlicht 16.06.2025 14:22:16
  • Zuletzt bearbeitet 29.10.2025 12:15:36

Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 1...

  • EPSS 3.16%
  • Veröffentlicht 16.06.2025 14:18:09
  • Zuletzt bearbeitet 03.11.2025 20:19:08

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path...

  • EPSS 54.88%
  • Veröffentlicht 16.06.2025 14:13:40
  • Zuletzt bearbeitet 03.11.2025 20:19:07

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at t...