Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 262
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ...
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
CVE-2011-1419
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
CVE-2011-1419
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ...
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ...
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
CVE-2011-1419
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2011-1183 Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ... | CVSS2: 5.8 | 1% Низкий | почти 15 лет назад |
 | CVE-2011-1183 Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419. | CVSS2: 5.8 | 1% Низкий | почти 15 лет назад |
| CVE-2011-1475 The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | CVSS2: 5 | 12% Средний | почти 15 лет назад |
 | CVE-2011-1475 The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | CVSS2: 4.3 | 12% Средний | почти 15 лет назад |
 | CVE-2011-1419 Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088. | CVSS2: 5.8 | 16% Средний | почти 15 лет назад |
| CVE-2011-1419 Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ... | CVSS2: 5.8 | 16% Средний | почти 15 лет назад |
| CVE-2011-1088 Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. | CVSS2: 5.8 | 22% Средний | почти 15 лет назад |
| CVE-2011-1088 Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ... | CVSS2: 5.8 | 22% Средний | почти 15 лет назад |
| CVE-2011-1088 Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. | CVSS2: 5.8 | 22% Средний | почти 15 лет назад |
| CVE-2011-1419 Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088. | CVSS2: 5.8 | 16% Средний | почти 15 лет назад |
Уязвимостей на страницу