Tomcat: an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count 1,153
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-ppj6-9ppm-3h56 The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | | 8% Low | more than 3 years ago |
GHSA-xmf4-j3j7-xj7q Apache Tomcat DoS Via Requests Including Null Characters | | 2% Low | more than 3 years ago |
GHSA-jjxj-xvcp-cxv8 Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. | | 67% Medium | more than 3 years ago |
GHSA-p543-jg43-9pm5 Apache Tomcat may be started without proper security settings | | 1% Low | more than 3 years ago |
GHSA-p263-rh6r-g7jw Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. | | 5% Low | more than 3 years ago |
GHSA-2w2w-cv3h-rr38 Apache Tomcat Reveals Path through Long URL | | 3% Low | more than 3 years ago |
GHSA-58hj-575g-5j25 Apache Tomcat allows webmasters to insert xss into error messages | | 1% Low | more than 3 years ago |
GHSA-x445-mmpw-7r4f Apache Tomcat Allows Source Disclosure | | 22% Medium | more than 3 years ago |
GHSA-4gr9-99j3-vqxv Apache Tomcat Directory Traversal | | 4% Low | more than 3 years ago |
GHSA-qqr5-q566-72w2 The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. | | 38% Medium | more than 3 years ago |