Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.74%
  • Veröffentlicht 29.05.2025 19:06:04
  • Zuletzt bearbeitet 03.11.2025 20:19:05

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: f...

  • EPSS 4.18%
  • Veröffentlicht 28.04.2025 19:17:21
  • Zuletzt bearbeitet 03.11.2025 20:18:25

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules...

  • EPSS 66.93%
  • Veröffentlicht 28.04.2025 19:14:31
  • Zuletzt bearbeitet 03.11.2025 20:18:25

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger...

Warnung Medienbericht Exploit
  • EPSS 99.95%
  • Veröffentlicht 10.03.2025 16:44:03
  • Zuletzt bearbeitet 23.10.2025 14:49:29

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 1...

Medienbericht
  • EPSS 8.86%
  • Veröffentlicht 20.12.2024 16:15:24
  • Zuletzt bearbeitet 03.11.2025 21:17:51

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the t...

  • EPSS 43.66%
  • Veröffentlicht 17.12.2024 13:15:18
  • Zuletzt bearbeitet 03.11.2025 21:17:20

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apa...

  • EPSS 1.91%
  • Veröffentlicht 17.12.2024 13:15:18
  • Zuletzt bearbeitet 03.11.2025 20:16:47

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 th...

  • EPSS 1.68%
  • Veröffentlicht 18.11.2024 13:15:04
  • Zuletzt bearbeitet 15.05.2025 17:46:50

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.

  • EPSS 6.29%
  • Veröffentlicht 18.11.2024 12:15:18
  • Zuletzt bearbeitet 07.11.2025 16:15:59

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly s...

  • EPSS 2.03%
  • Veröffentlicht 18.11.2024 12:15:18
  • Zuletzt bearbeitet 15.05.2025 17:51:16

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0...