Tomcat is an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1 153
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-8qq4-8jvq-mfw4 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | CVSS3: 7.5 | 91% Critical | more than 3 years ago |
GHSA-6qr6-x7jm-x2q6 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 4.3 | 1% Low | more than 3 years ago |
GHSA-372q-33vh-8mpc Inconsistent documentation in Apache Tomcat | CVSS3: 5.3 | 5% Low | more than 3 years ago |
GHSA-fjwp-r6fm-q6qw Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request | CVSS3: 7.5 | 3% Low | more than 3 years ago |
GHSA-73rx-3f9r-x949 Insufficient Verification of Data Authenticity in Apache Tomcat | CVSS3: 4.3 | 4% Low | more than 3 years ago |
GHSA-xjgh-84hx-56c5 Unrestricted Upload of File with Dangerous Type Apache Tomcat | CVSS3: 8.1 | 94% Critical | more than 3 years ago |
GHSA-68g5-8q7f-m384 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 7.5 | 4% Low | more than 3 years ago |
GHSA-h3ch-5pp2-vh6w Improper socket reuse in Apache Tomcat | CVSS3: 8.6 | 0% Low | more than 3 years ago |
CVE-2022-25762 If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong user and/or other errors. | CVSS3: 8.6 | 0% Low | more than 3 years ago |