Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.69%
  • Veröffentlicht 27.01.2022 13:15:08
  • Zuletzt bearbeitet 21.11.2024 06:48:08

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privi...

  • EPSS 11%
  • Veröffentlicht 14.10.2021 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:27:38

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for We...

  • EPSS 7.18%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:24

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an in...

  • EPSS 6.89%
  • Veröffentlicht 12.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:04:20

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was no...

  • EPSS 9.89%
  • Veröffentlicht 12.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:04:20

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9...

  • EPSS 75.35%
  • Veröffentlicht 12.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:08:10

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specific...

  • EPSS 9.49%
  • Veröffentlicht 01.03.2021 12:15:14
  • Zuletzt bearbeitet 21.11.2024 05:54:45

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnera...

  • EPSS 18.11%
  • Veröffentlicht 01.03.2021 12:15:13
  • Zuletzt bearbeitet 21.11.2024 05:54:23

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and use...

  • EPSS 22.85%
  • Veröffentlicht 14.01.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:23

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. ...

  • EPSS 24.62%
  • Veröffentlicht 03.12.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:08:17

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request asso...