Tomcat — контейнер сервлетов с открытым исходным кодом

Релизный цикл, информация об уязвимостях

Продукт: Tomcat

Вендор: apache

График релизов

Недавние уязвимости Tomcat

Количество 1 262

GHSA-p26v-97vp-jcx6

больше 3 лет назад

Access controll bypass in Apache Tomcat

EPSS: Низкий

GHSA-3xpj-jgv5-q4vv

больше 3 лет назад

Access restriction bypass in Apache Tomcat

EPSS: Низкий

GHSA-8c5c-v572-37xf

больше 3 лет назад

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

CVSS3: 7.8

EPSS: Средний

GHSA-c78g-qwpw-2jgv

больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

EPSS: Средний

GHSA-pvjh-7h8q-q56r

больше 3 лет назад

Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header

EPSS: Низкий

GHSA-9hjv-9h75-xmpp

больше 3 лет назад

Improper Verification of Source of a Communication Channel in Apache Tomcat

CVSS3: 6.3

EPSS: Низкий

GHSA-9737-qmgc-hfr9

больше 3 лет назад

Directory Traversal in Apache Tomcat

CVSS3: 5.3

EPSS: Средний

GHSA-cxg2-49rq-8gcr

больше 3 лет назад

Apache Tomcat does not properly handle an invalid Transfer-Encoding header

EPSS: Высокий

GHSA-7mg3-pr99-8rh7

больше 3 лет назад

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

EPSS: Низкий

GHSA-9ggm-7897-x4mg

больше 3 лет назад

Improper Input Validation in Apache Tomcat

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-p26v-97vp-jcx6 Access controll bypass in Apache Tomcat		1% Низкий	больше 3 лет назад
GHSA-3xpj-jgv5-q4vv Access restriction bypass in Apache Tomcat		2% Низкий	больше 3 лет назад
GHSA-8c5c-v572-37xf The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.	CVSS3: 7.8	19% Средний	больше 3 лет назад
GHSA-c78g-qwpw-2jgv Improper Neutralization of Input During Web Page Generation in Apache Tomcat		12% Средний	больше 3 лет назад
GHSA-pvjh-7h8q-q56r Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header		2% Низкий	больше 3 лет назад
GHSA-9hjv-9h75-xmpp Improper Verification of Source of a Communication Channel in Apache Tomcat	CVSS3: 6.3	0% Низкий	больше 3 лет назад
GHSA-9737-qmgc-hfr9 Directory Traversal in Apache Tomcat	CVSS3: 5.3	61% Средний	больше 3 лет назад
GHSA-cxg2-49rq-8gcr Apache Tomcat does not properly handle an invalid Transfer-Encoding header		74% Высокий	больше 3 лет назад
GHSA-7mg3-pr99-8rh7 native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.		9% Низкий	больше 3 лет назад
GHSA-9ggm-7897-x4mg Improper Input Validation in Apache Tomcat		0% Низкий	больше 3 лет назад

Уязвимостей на страницу