CVE-2025-46701
- EPSS 2.74%
- Veröffentlicht 29.05.2025 19:06:04
- Zuletzt bearbeitet 03.11.2025 20:19:05
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: f...
CVE-2025-31651
- EPSS 4.18%
- Veröffentlicht 28.04.2025 19:17:21
- Zuletzt bearbeitet 03.11.2025 20:18:25
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules...
CVE-2025-31650
- EPSS 66.93%
- Veröffentlicht 28.04.2025 19:14:31
- Zuletzt bearbeitet 03.11.2025 20:18:25
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger...
CVE-2025-24813
- EPSS 99.95%
- Veröffentlicht 10.03.2025 16:44:03
- Zuletzt bearbeitet 23.10.2025 14:49:29
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 1...
CVE-2024-56337
- EPSS 8.86%
- Veröffentlicht 20.12.2024 16:15:24
- Zuletzt bearbeitet 03.11.2025 21:17:51
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the t...
CVE-2024-50379
- EPSS 43.66%
- Veröffentlicht 17.12.2024 13:15:18
- Zuletzt bearbeitet 03.11.2025 21:17:20
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apa...
CVE-2024-54677
- EPSS 1.91%
- Veröffentlicht 17.12.2024 13:15:18
- Zuletzt bearbeitet 03.11.2025 20:16:47
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 th...
CVE-2024-52318
- EPSS 1.68%
- Veröffentlicht 18.11.2024 13:15:04
- Zuletzt bearbeitet 15.05.2025 17:46:50
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
CVE-2024-52316
- EPSS 6.29%
- Veröffentlicht 18.11.2024 12:15:18
- Zuletzt bearbeitet 07.11.2025 16:15:59
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly s...
CVE-2024-52317
- EPSS 2.03%
- Veröffentlicht 18.11.2024 12:15:18
- Zuletzt bearbeitet 15.05.2025 17:51:16
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0...