Tomcat: an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1,153
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-3vp9-jf7f-cv3c Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | | 18% Medium | more than 3 years ago |
GHSA-pqr5-9v2j-44xg Apache Tomcat DoS via Malicious Get Request | | 21% Medium | more than 3 years ago |
GHSA-m8w6-7rh6-4xj6 Apache Tomcat Leaks Information via Error Message | | 7% Low | more than 3 years ago |
GHSA-r6cf-cr44-m8rr Apache Tomcat Leaks Pathname Information via Error Message | | 3% Low | more than 3 years ago |
GHSA-8g4f-fh7f-4fwh Apache Tomcat Default Installation Reveals Sensitive Information | | 32% Medium | more than 3 years ago |
GHSA-f436-gr4m-qq5w The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages. | | 23% Medium | more than 3 years ago |
GHSA-rffr-vjp4-vxh3 The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | | 3% Low | more than 3 years ago |
GHSA-86fp-jgwm-wgj5 Apache Tomcat XSS Vulnerability | | 48% Medium | more than 3 years ago |
GHSA-8v5p-2cpv-c2x6 Apache Tomcat Source Code Disclosure | | 5% Low | more than 3 years ago |
GHSA-jxcv-v856-j5vg Apache Tomcat Source Code Disclosure | | 37% Medium | more than 3 years ago |