CVE-2016-0763
- EPSS 11.3%
- Veröffentlicht 25.02.2016 01:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh...
CVE-2016-0714
- EPSS 13.08%
- Veröffentlicht 25.02.2016 01:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric...
CVE-2016-0706
- EPSS 6.23%
- Veröffentlicht 25.02.2016 01:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut...
CVE-2015-5351
- EPSS 9.21%
- Veröffentlicht 25.02.2016 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protec...
CVE-2015-5346
- EPSS 10.57%
- Veröffentlicht 25.02.2016 01:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to ...
CVE-2015-5345
- EPSS 18.38%
- Veröffentlicht 25.02.2016 01:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence o...
CVE-2015-5174
- EPSS 12.56%
- Veröffentlicht 25.02.2016 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.....
CVE-2013-7448
- EPSS 3.53%
- Veröffentlicht 23.02.2016 19:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
CVE-2016-2037
- EPSS 5.48%
- Veröffentlicht 22.02.2016 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
- EPSS 2.64%
- Veröffentlicht 21.02.2016 18:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.