Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 57.29%
  • Veröffentlicht 12.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:02:11

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subs...

  • EPSS 64.12%
  • Veröffentlicht 14.07.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:10

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException co...

  • EPSS 87.55%
  • Veröffentlicht 14.07.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:10

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with inv...

Exploit
  • EPSS 0.86%
  • Veröffentlicht 29.06.2020 09:15:11
  • Zuletzt bearbeitet 21.11.2024 05:38:14

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise S...

  • EPSS 26.7%
  • Veröffentlicht 26.06.2020 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:04

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTT...

  • EPSS 56.64%
  • Veröffentlicht 20.05.2020 19:15:09
  • Zuletzt bearbeitet 21.11.2024 05:40:44

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste...

Warnung Exploit
  • EPSS 99.27%
  • Veröffentlicht 24.02.2020 22:15:12
  • Zuletzt bearbeitet 27.10.2025 17:37:12

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t...

  • EPSS 8.87%
  • Veröffentlicht 24.02.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:33

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of H...

  • EPSS 9.39%
  • Veröffentlicht 24.02.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:38

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug...

  • EPSS 1.22%
  • Veröffentlicht 23.12.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:22:48

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perf...