Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 262
GHSA-9ggm-7897-x4mg
Improper Input Validation in Apache Tomcat
GHSA-hffm-fqv4-w27r
Improper Authentication in Apache Tomcat
GHSA-7mg3-pr99-8rh7
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
GHSA-cxg2-49rq-8gcr
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
GHSA-q9xf-jwr4-v445
Authentication Bypass in Apache Tomcat
GHSA-c38m-v4m2-524v
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
GHSA-fj6c-prgj-gr3r
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
GHSA-3v4j-mhgf-pf6w
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
GHSA-qfxv-3ppc-7qg5
Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
GHSA-j448-j653-r3vj
Apache Tomcat is vulnerable to HTTP request-smuggling
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-9ggm-7897-x4mg Improper Input Validation in Apache Tomcat | 0% Низкий | больше 3 лет назад | |
| GHSA-hffm-fqv4-w27r Improper Authentication in Apache Tomcat | 2% Низкий | больше 3 лет назад | |
| GHSA-7mg3-pr99-8rh7 native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | 9% Низкий | больше 3 лет назад | |
| GHSA-cxg2-49rq-8gcr Apache Tomcat does not properly handle an invalid Transfer-Encoding header | 74% Высокий | больше 3 лет назад | |
| GHSA-q9xf-jwr4-v445 Authentication Bypass in Apache Tomcat | 7% Низкий | больше 3 лет назад | |
| GHSA-c38m-v4m2-524v Apache Tomcat Allows Remote Attackers to Spoof AJP Requests | 1% Низкий | больше 3 лет назад | |
| GHSA-fj6c-prgj-gr3r Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | 0% Низкий | больше 3 лет назад | |
| GHSA-3v4j-mhgf-pf6w The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. | 5% Низкий | больше 3 лет назад | |
| GHSA-qfxv-3ppc-7qg5 Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions | 44% Средний | больше 3 лет назад | |
| GHSA-j448-j653-r3vj Apache Tomcat is vulnerable to HTTP request-smuggling | 26% Средний | больше 3 лет назад |
Уязвимостей на страницу