Tomcat: an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1,262
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-p26v-97vp-jcx6 Access control bypass in Apache Tomcat | | 1% Low | more than 3 years ago |
| GHSA-3xpj-jgv5-q4vv Access restriction bypass in Apache Tomcat | | 2% Low | more than 3 years ago |
| GHSA-8c5c-v572-37xf The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. | CVSS3: 7.8 | 18% Medium | more than 3 years ago |
| GHSA-c78g-qwpw-2jgv Improper Neutralization of Input During Web Page Generation in Apache Tomcat | | 12% Medium | more than 3 years ago |
| GHSA-pvjh-7h8q-q56r Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header | | 2% Low | more than 3 years ago |
| GHSA-9hjv-9h75-xmpp Improper Verification of Source of a Communication Channel in Apache Tomcat | CVSS3: 6.3 | 0% Low | more than 3 years ago |
| GHSA-9737-qmgc-hfr9 Directory Traversal in Apache Tomcat | CVSS3: 5.3 | 61% Medium | more than 3 years ago |
| GHSA-6cr4-7c7p-p3xv Use of Hard-coded Cryptographic Key in Apache Tomcat | | 5% Low | more than 3 years ago |
| GHSA-c57p-3v2g-w9rg Insertion of Sensitive Information into Log File in Apache Tomcat | | 0% Low | more than 3 years ago |
| GHSA-4f7h-9j2x-cmr4 Improper Authentication in Apache Tomcat | | 3% Low | more than 3 years ago |