Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 245
GHSA-j448-j653-r3vj
Apache Tomcat is vulnerable to HTTP request-smuggling
GHSA-qfxv-3ppc-7qg5
Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
GHSA-3v4j-mhgf-pf6w
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
GHSA-87w9-x2c3-hrjj
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
GHSA-6gjj-c5mj-4cvp
Improper Input Validation in Apache Tomcat
GHSA-wq2p-q66w-q8gp
Apache Tomcat Denial of Service vulnerability
GHSA-6m48-jxwx-76q7
Improper Authentication in Apache Tomcat
GHSA-475f-74wp-pqv5
Integer Overflow or Wraparound in Apache Tomcat
GHSA-42j3-498q-m6vp
Improper Input Validation in Apache Tomcat
GHSA-xh5x-j8jf-pcpx
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-j448-j653-r3vj Apache Tomcat is vulnerable to HTTP request-smuggling | 26% Средний | больше 3 лет назад | |
| GHSA-qfxv-3ppc-7qg5 Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions | 44% Средний | больше 3 лет назад | |
| GHSA-3v4j-mhgf-pf6w The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. | 5% Низкий | больше 3 лет назад | |
| GHSA-87w9-x2c3-hrjj Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | 0% Низкий | больше 3 лет назад | |
| GHSA-6gjj-c5mj-4cvp Improper Input Validation in Apache Tomcat | 12% Средний | больше 3 лет назад | |
| GHSA-wq2p-q66w-q8gp Apache Tomcat Denial of Service vulnerability | 71% Высокий | больше 3 лет назад | |
| GHSA-6m48-jxwx-76q7 Improper Authentication in Apache Tomcat | 4% Низкий | больше 3 лет назад | |
| GHSA-475f-74wp-pqv5 Integer Overflow or Wraparound in Apache Tomcat | 79% Высокий | больше 3 лет назад | |
| GHSA-42j3-498q-m6vp Improper Input Validation in Apache Tomcat | 84% Высокий | больше 3 лет назад | |
| GHSA-xh5x-j8jf-pcpx Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat | 71% Высокий | больше 3 лет назад |
Уязвимостей на страницу