- EPSS 0.69%
- Veröffentlicht 27.01.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:48:08
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privi...
CVE-2021-42340
- EPSS 11%
- Veröffentlicht 14.10.2021 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:27:38
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for We...
CVE-2021-41079
- EPSS 7.18%
- Veröffentlicht 16.09.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:24
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an in...
CVE-2021-30639
- EPSS 6.89%
- Veröffentlicht 12.07.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:04:20
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was no...
CVE-2021-30640
- EPSS 9.89%
- Veröffentlicht 12.07.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:04:20
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9...
CVE-2021-33037
- EPSS 75.35%
- Veröffentlicht 12.07.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:08:10
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specific...
- EPSS 9.49%
- Veröffentlicht 01.03.2021 12:15:14
- Zuletzt bearbeitet 21.11.2024 05:54:45
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnera...
CVE-2021-25122
- EPSS 18.11%
- Veröffentlicht 01.03.2021 12:15:13
- Zuletzt bearbeitet 21.11.2024 05:54:23
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and use...
CVE-2021-24122
- EPSS 22.85%
- Veröffentlicht 14.01.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:52:23
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. ...
CVE-2020-17527
- EPSS 24.62%
- Veröffentlicht 03.12.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:08:17
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request asso...