Tomcat: an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1,262
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-79m3-w93m-vjpg | ** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." | | 0% (Low) | almost 4 years ago |
| GHSA-8h2q-qm9x-55jc | Denial of Service in Apache Tomcat | | 23% (Medium) | almost 4 years ago |
| GHSA-3p86-xgrq-m6p6 | Improper Neutralization of Input During Web Page Generation in Apache Tomcat | | 26% (Medium) | almost 4 years ago |
| GHSA-w6q7-ww2x-7gm3 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | | 17% (Medium) | almost 4 years ago |
| GHSA-975h-h4pp-737q | The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. | | 87% (High) | almost 4 years ago |
| GHSA-8wch-9gcg-v2pr | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat | | 10% (Medium) | almost 4 years ago |
| GHSA-hjfh-7c4v-7q8h | Improper Authentication in Apache Tomcat | | 7% (Low) | almost 4 years ago |
| GHSA-ggx9-4728-588r | Apache Tomcat Directory Traversal vulnerability | | 15% (Medium) | almost 4 years ago |
| GHSA-x75h-2jg7-ffxw | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781. | | 1% (Low) | almost 4 years ago |
| GHSA-hhjg-g8xq-hhr3 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | CVSS3: 4.2 | 0% (Low) | almost 4 years ago |