Tomcat — контейнер сервлетов с открытым исходным кодом

Релизный цикл, информация об уязвимостях

Продукт: Tomcat

Вендор: apache

График релизов

Недавние уязвимости Tomcat

Количество 1 262

GHSA-r6cf-cr44-m8rr

почти 4 года назад

Apache Tomcat Leaks Pathname Information via Error Message

EPSS: Низкий

GHSA-f436-gr4m-qq5w

почти 4 года назад

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

EPSS: Средний

GHSA-8g4f-fh7f-4fwh

почти 4 года назад

Apache Tomcat Default Installation Reveals Sensitive Information

EPSS: Средний

GHSA-rffr-vjp4-vxh3

почти 4 года назад

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

EPSS: Низкий

GHSA-86fp-jgwm-wgj5

почти 4 года назад

Apache Tomcat XSS Vulnerability

EPSS: Средний

GHSA-8v5p-2cpv-c2x6

почти 4 года назад

Apache Tomcat Source Code Disclosure

EPSS: Низкий

GHSA-jxcv-v856-j5vg

почти 4 года назад

Apache Tomcat Source Code Disclosure

EPSS: Средний

GHSA-ppj6-9ppm-3h56

почти 4 года назад

The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

EPSS: Низкий

GHSA-xmf4-j3j7-xj7q

почти 4 года назад

Apache Tomcat DoS Via Requests Including Null Characters

EPSS: Низкий

GHSA-jjxj-xvcp-cxv8

почти 4 года назад

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

EPSS: Высокий

Уязвимостей на страницу

Уязвимость	EPSS	Опубликовано 1
GHSA-r6cf-cr44-m8rr Apache Tomcat Leaks Pathname Information via Error Message	3% Низкий	почти 4 года назад
GHSA-f436-gr4m-qq5w The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.	23% Средний	почти 4 года назад
GHSA-8g4f-fh7f-4fwh Apache Tomcat Default Installation Reveals Sensitive Information	32% Средний	почти 4 года назад
GHSA-rffr-vjp4-vxh3 The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.	3% Низкий	почти 4 года назад
GHSA-86fp-jgwm-wgj5 Apache Tomcat XSS Vulnerability	42% Средний	почти 4 года назад
GHSA-8v5p-2cpv-c2x6 Apache Tomcat Source Code Disclosure	5% Низкий	почти 4 года назад
GHSA-jxcv-v856-j5vg Apache Tomcat Source Code Disclosure	37% Средний	почти 4 года назад
GHSA-ppj6-9ppm-3h56 The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).	8% Низкий	почти 4 года назад
GHSA-xmf4-j3j7-xj7q Apache Tomcat DoS Via Requests Including Null Characters	3% Низкий	почти 4 года назад
GHSA-jjxj-xvcp-cxv8 Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.	83% Высокий	почти 4 года назад

Уязвимостей на страницу