Tomcat: an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1 245
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-25762 If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. | CVSS3: 8.6 | 1% Low | more than 3 years ago |
| GHSA-jmvv-524f-hj5j Improper Handling of Exceptional Conditions in Apache Tomcat | CVSS3: 7.5 | 11% Medium | more than 3 years ago |
| GHSA-9785-w233-x6hv Improper Resource Shutdown or Release in Apache Tomcat | CVSS3: 7.5 | 19% Medium | more than 3 years ago |
| GHSA-9hg2-395j-83rm Expected Behavior Violation in Apache Tomcat | CVSS3: 9.8 | 6% Low | more than 3 years ago |
| GHSA-3vx3-xf6q-r5xp Exposure of Resource to Wrong Sphere in Apache Tomcat | CVSS3: 9.1 | 19% Medium | more than 3 years ago |
| GHSA-c7fc-mp9g-99j3 The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | CVSS3: 7.8 | 14% Medium | more than 3 years ago |
| GHSA-v646-rx6w-r3qq Improper Access Control in Apache Tomcat | CVSS3: 8.1 | 74% High | more than 3 years ago |
| GHSA-jc7p-5r39-9477 Improper Input Validation in Apache Tomcat | CVSS3: 7.1 | 3% Low | more than 3 years ago |
| GHSA-cw54-59pw-4g8c Apache Tomcat Improper Access Control vulnerability | CVSS3: 9.8 | 94% Critical | more than 3 years ago |
| GHSA-h6c8-x5r3-pm88 Apache Tomcat Unrestricted file upload vulnerability | | 20% Medium | more than 3 years ago |