CVE-2020-1938
- EPSS 94.47%
- Published 24.02.2020 22:15:12
- Last modified 28.03.2025 17:15:49
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t...
CVE-2019-17569
- EPSS 6.16%
- Published 24.02.2020 22:15:11
- Last modified 21.11.2024 04:32:33
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of H...
CVE-2020-1935
- EPSS 1.01%
- Published 24.02.2020 22:15:11
- Last modified 21.11.2024 05:11:38
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug...
CVE-2017-12617
- EPSS 94.37%
- Published 04.10.2017 01:29:02
- Last modified 20.04.2025 01:37:25
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload ...