Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 262
GHSA-4f7h-9j2x-cmr4
Improper Authentication in Apache Tomcat
GHSA-hffm-fqv4-w27r
Improper Authentication in Apache Tomcat
GHSA-6cr4-7c7p-p3xv
Use of Hard-coded Cryptographic Key in Apache Tomcat
GHSA-c57p-3v2g-w9rg
Insertion of Sensitive Information into Log File in Apache Tomcat
GHSA-c38m-v4m2-524v
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
GHSA-fj6c-prgj-gr3r
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
GHSA-q9xf-jwr4-v445
Authentication Bypass in Apache Tomcat
GHSA-3v4j-mhgf-pf6w
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
GHSA-qfxv-3ppc-7qg5
Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
GHSA-j448-j653-r3vj
Apache Tomcat is vulnerable to HTTP request-smuggling
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-4f7h-9j2x-cmr4 Improper Authentication in Apache Tomcat | 3% Низкий | больше 3 лет назад | |
| GHSA-hffm-fqv4-w27r Improper Authentication in Apache Tomcat | 2% Низкий | больше 3 лет назад | |
| GHSA-6cr4-7c7p-p3xv Use of Hard-coded Cryptographic Key in Apache Tomcat | 5% Низкий | больше 3 лет назад | |
| GHSA-c57p-3v2g-w9rg Insertion of Sensitive Information into Log File in Apache Tomcat | 0% Низкий | больше 3 лет назад | |
| GHSA-c38m-v4m2-524v Apache Tomcat Allows Remote Attackers to Spoof AJP Requests | 1% Низкий | больше 3 лет назад | |
| GHSA-fj6c-prgj-gr3r Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | 0% Низкий | больше 3 лет назад | |
| GHSA-q9xf-jwr4-v445 Authentication Bypass in Apache Tomcat | 7% Низкий | больше 3 лет назад | |
| GHSA-3v4j-mhgf-pf6w The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. | 5% Низкий | больше 3 лет назад | |
| GHSA-qfxv-3ppc-7qg5 Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions | 44% Средний | больше 3 лет назад | |
| GHSA-j448-j653-r3vj Apache Tomcat is vulnerable to HTTP request-smuggling | 26% Средний | больше 3 лет назад |
Уязвимостей на страницу