Логотип exploitDog
product: "tomcat"
Консоль
Логотип exploitDog

exploitDog

product: "tomcat"
Tomcat

Tomcatконтейнер сервлетов с открытым исходным кодом

Релизный цикл, информация об уязвимостях

Продукт: Tomcat
Вендор: apache

График релизов

8.08.5910.010.111.020142015201620172018201920202021202220232024202520262027

Недавние уязвимости Tomcat

Количество 1 262

debian логотип

CVE-2021-25122

почти 5 лет назад

When responding to new h2c connection requests, Apache Tomcat versions ...

CVSS3: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2021-25122

почти 5 лет назад

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

CVSS3: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2021-25329

почти 5 лет назад

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

CVSS3: 7
EPSS: Низкий
redhat логотип

CVE-2021-25329

почти 5 лет назад

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

CVSS3: 7
EPSS: Низкий
redhat логотип

CVE-2021-25122

почти 5 лет назад

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

CVSS3: 7.5
EPSS: Низкий
fstec логотип

BDU:2021-01808

почти 5 лет назад

Уязвимость реализации конфигурации сервера приложений Apache Tomcat, позволяющая нарушителю выполнить произвольный код

CVSS3: 7
EPSS: Низкий
fstec логотип

BDU:2021-01807

почти 5 лет назад

Уязвимость реализации сетевого протокола HTTP/2 сервера приложений Apache Tomcat, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

CVSS3: 7.5
EPSS: Низкий
suse-cvrf логотип

openSUSE-SU-2021:0330-1

почти 5 лет назад

Security update for tomcat

EPSS: Средний
suse-cvrf логотип

SUSE-SU-2021:0531-1

почти 5 лет назад

Security update for tomcat

EPSS: Средний
suse-cvrf логотип

SUSE-SU-2021:0530-1

почти 5 лет назад

Security update for tomcat

EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
debian логотип
CVE-2021-25122

When responding to new h2c connection requests, Apache Tomcat versions ...

CVSS3: 7.5
3%
Низкий
почти 5 лет назад
ubuntu логотип
CVE-2021-25122

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

CVSS3: 7.5
3%
Низкий
почти 5 лет назад
ubuntu логотип
CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

CVSS3: 7
1%
Низкий
почти 5 лет назад
redhat логотип
CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

CVSS3: 7
1%
Низкий
почти 5 лет назад
redhat логотип
CVE-2021-25122

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

CVSS3: 7.5
3%
Низкий
почти 5 лет назад
fstec логотип
BDU:2021-01808

Уязвимость реализации конфигурации сервера приложений Apache Tomcat, позволяющая нарушителю выполнить произвольный код

CVSS3: 7
1%
Низкий
почти 5 лет назад
fstec логотип
BDU:2021-01807

Уязвимость реализации сетевого протокола HTTP/2 сервера приложений Apache Tomcat, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

CVSS3: 7.5
3%
Низкий
почти 5 лет назад
suse-cvrf логотип
openSUSE-SU-2021:0330-1

Security update for tomcat

54%
Средний
почти 5 лет назад
suse-cvrf логотип
SUSE-SU-2021:0531-1

Security update for tomcat

54%
Средний
почти 5 лет назад
suse-cvrf логотип
SUSE-SU-2021:0530-1

Security update for tomcat

54%
Средний
почти 5 лет назад

Уязвимостей на страницу

Поделиться