Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 155
GHSA-c38m-v4m2-524v
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
GHSA-q9xf-jwr4-v445
Authentication Bypass in Apache Tomcat
GHSA-qfxv-3ppc-7qg5
Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
GHSA-3v4j-mhgf-pf6w
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
GHSA-j448-j653-r3vj
Apache Tomcat is vulnerable to HTTP request-smuggling
GHSA-6gjj-c5mj-4cvp
Improper Input Validation in Apache Tomcat
GHSA-wq2p-q66w-q8gp
Apache Tomcat Denial of Service vulnerability
GHSA-6m48-jxwx-76q7
Improper Authentication in Apache Tomcat
GHSA-87w9-x2c3-hrjj
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
GHSA-475f-74wp-pqv5
Integer Overflow or Wraparound in Apache Tomcat
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-c38m-v4m2-524v Apache Tomcat Allows Remote Attackers to Spoof AJP Requests | 1% Низкий | больше 3 лет назад | |
| GHSA-q9xf-jwr4-v445 Authentication Bypass in Apache Tomcat | 5% Низкий | больше 3 лет назад | |
| GHSA-qfxv-3ppc-7qg5 Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions | 38% Средний | больше 3 лет назад | |
| GHSA-3v4j-mhgf-pf6w The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. | 6% Низкий | больше 3 лет назад | |
| GHSA-j448-j653-r3vj Apache Tomcat is vulnerable to HTTP request-smuggling | 26% Средний | больше 3 лет назад | |
| GHSA-6gjj-c5mj-4cvp Improper Input Validation in Apache Tomcat | 16% Средний | больше 3 лет назад | |
| GHSA-wq2p-q66w-q8gp Apache Tomcat Denial of Service vulnerability | 67% Средний | больше 3 лет назад | |
| GHSA-6m48-jxwx-76q7 Improper Authentication in Apache Tomcat | 4% Низкий | больше 3 лет назад | |
| GHSA-87w9-x2c3-hrjj Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | 1% Низкий | больше 3 лет назад | |
| GHSA-475f-74wp-pqv5 Integer Overflow or Wraparound in Apache Tomcat | 80% Высокий | больше 3 лет назад |
Уязвимостей на страницу