CVE-2019-17563
- EPSS 3.26%
- Veröffentlicht 23.12.2019 17:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:32
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p...
CVE-2018-1304
- EPSS 1.79%
- Veröffentlicht 28.02.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:35
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definiti...
CVE-2018-1305
- EPSS 17.66%
- Veröffentlicht 23.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:35
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way ap...
CVE-2016-8735
- EPSS 93.9%
- Veröffentlicht 06.04.2017 21:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because...