Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 262
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manage ...
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2011-1183 Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419. | CVSS2: 5.8 | 1% Низкий | почти 15 лет назад |
| CVE-2011-1088 Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. | CVSS2: 5.8 | 22% Средний | почти 15 лет назад |
 | CVE-2011-0013 Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | CVSS2: 4.3 | 26% Средний | почти 15 лет назад |
| CVE-2011-0013 Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manage ... | CVSS2: 4.3 | 26% Средний | почти 15 лет назад |
 | CVE-2011-0013 Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | CVSS2: 4.3 | 26% Средний | почти 15 лет назад |
| CVE-2011-0534 Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. | CVSS2: 5 | 16% Средний | почти 15 лет назад |
| CVE-2011-0534 Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ... | CVSS2: 5 | 16% Средний | почти 15 лет назад |
| CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | CVSS2: 1.2 | 0% Низкий | почти 15 лет назад |
| CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ... | CVSS2: 1.2 | 0% Низкий | почти 15 лет назад |
| CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | CVSS2: 1.2 | 0% Низкий | почти 15 лет назад |
Уязвимостей на страницу