Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 262
RLSA-2023:5989
Important: varnish security update
SUSE-SU-2023:4163-1
Security update for netty, netty-tcnative
GHSA-r6j3-px5g-cq3x
Apache Tomcat Improper Input Validation vulnerability
GHSA-qppj-fm5r-hxr3
HTTP/2 Stream Cancellation Attack
CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...
CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
GHSA-jm7m-8jh6-29hp
Apache Tomcat Incomplete Cleanup vulnerability
GHSA-g8pj-r55q-5c2v
Apache Tomcat Incomplete Cleanup vulnerability
CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | RLSA-2023:5989 Important: varnish security update | 94% Критический | больше 2 лет назад | |
 | SUSE-SU-2023:4163-1 Security update for netty, netty-tcnative | 94% Критический | больше 2 лет назад | |
| GHSA-r6j3-px5g-cq3x Apache Tomcat Improper Input Validation vulnerability | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
| GHSA-qppj-fm5r-hxr3 HTTP/2 Stream Cancellation Attack | CVSS3: 5.3 | 94% Критический | больше 2 лет назад |
 | CVE-2023-45648 Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
| CVE-2023-45648 Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ... | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
 | CVE-2023-45648 Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
| GHSA-jm7m-8jh6-29hp Apache Tomcat Incomplete Cleanup vulnerability | CVSS3: 5.9 | 0% Низкий | больше 2 лет назад |
| GHSA-g8pj-r55q-5c2v Apache Tomcat Incomplete Cleanup vulnerability | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
| CVE-2023-42795 Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
Уязвимостей на страницу