Tomcat: an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1,153
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-v6c7-8qx5-8gmp Deserialization of Untrusted Data in Apache Tomcat | | 5% Low | more than 3 years ago
GHSA-cw29-r48c-h5f9 org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | | 0% Low | more than 3 years ago
GHSA-r7c8-hghc-2mp8 Apache Tomcat Allows Replacing of XML Parser | | 0% Low | more than 3 years ago
GHSA-3p5r-7cw3-2m67 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | | 7% Low | more than 3 years ago
GHSA-vch7-92vf-jm44 Apache Tomcat does not follow ServletSecurity annotations | | 16% Medium | more than 3 years ago
GHSA-28cq-6rmx-pjq4 Improper Authentication in Apache Tomcat | | 3% Low | more than 3 years ago
GHSA-9xrj-439h-62hg Improper Authentication in Apache Tomcat | | 1% Low | more than 3 years ago
GHSA-h6c8-rg87-f3pc Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users | | 12% Medium | more than 3 years ago
GHSA-cpr9-82wf-f629 java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. | | 12% Medium | more than 3 years ago
GHSA-jgm2-m5cg-f66g Authentication Bypass in Apache Tomcat | | 4% Low | more than 3 years ago