Tomcat is an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1,262
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-wfj7-mhr5-pcwq Apache Tomcat Reveals Directories | | 56% Medium | almost 4 years ago |
| GHSA-mxxf-x9fw-f2hv Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. | | 8% Low | almost 4 years ago |
| GHSA-qrcx-p4rr-g48h Apache Tomcat allows remote attackers to read JSP source files | | 1% Low | almost 4 years ago |
| GHSA-x89r-2wjq-mj7x Apache Tomcat Discloses MS-DOS Pathname | | 18% Medium | almost 4 years ago |
| GHSA-8f4w-jwqv-5cxc Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests | | 21% Medium | almost 4 years ago |
| GHSA-qhqv-q4xg-f6g7 Apache Tomcat AJP Connector Information Leak | | 3% Low | almost 4 years ago |
| GHSA-f2gq-p6qv-ccw4 Tomcat Vulnerable to Web Cache Poisoning | | 82% High | almost 4 years ago |
| GHSA-3vp9-jf7f-cv3c Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | | 18% Medium | almost 4 years ago |
| GHSA-pqr5-9v2j-44xg Apache Tomcat DoS via Malicious Get Request | | 23% Medium | almost 4 years ago |
| GHSA-m8w6-7rh6-4xj6 Apache Tomcat Leaks Information via Error Message | | 7% Low | almost 4 years ago |