Tomcat — контейнер сервлетов с открытым исходным кодом

Релизный цикл, информация об уязвимостях

Продукт: Tomcat

Вендор: apache

График релизов

Недавние уязвимости Tomcat

Количество 1 143

GHSA-6v52-mj5r-7j2m

почти 7 лет назад

Apache Tomcat Race Condition vulnerability

CVSS3: 5.9

EPSS: Низкий

GHSA-46j3-r4pj-4835

почти 7 лет назад

The host name verification missing in Apache Tomcat

CVSS3: 7.5

EPSS: Средний

GHSA-r4x2-3cq5-hqvp

почти 7 лет назад

The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins

CVSS3: 9.8

EPSS: Средний

GHSA-m59c-jpc8-m2x4

почти 7 лет назад

In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder

CVSS3: 7.5

EPSS: Низкий

GHSA-jx6h-3fjx-cgv5

почти 7 лет назад

Apache Tomcat information exposure vulnerability

CVSS3: 6.5

EPSS: Средний

GHSA-6rxj-58jh-436r

почти 7 лет назад

Apache Tomcat unauthorized access vulnerability

CVSS3: 5.9

EPSS: Низкий

GHSA-5q99-f34m-67gc

почти 7 лет назад

Apache Tomcat Open Redirect vulnerability

CVSS3: 4.3

EPSS: Высокий

GHSA-pjfr-qf3p-3q25

почти 7 лет назад

When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server

CVSS3: 8.1

EPSS: Критический

CVE-2018-11784

почти 7 лет назад

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

CVSS3: 4.3

EPSS: Высокий

CVE-2018-11784

почти 7 лет назад

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...

CVSS3: 4.3

EPSS: Высокий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-6v52-mj5r-7j2m Apache Tomcat Race Condition vulnerability	CVSS3: 5.9	6% Низкий	почти 7 лет назад
GHSA-46j3-r4pj-4835 The host name verification missing in Apache Tomcat	CVSS3: 7.5	13% Средний	почти 7 лет назад
GHSA-r4x2-3cq5-hqvp The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins	CVSS3: 9.8	58% Средний	почти 7 лет назад
GHSA-m59c-jpc8-m2x4 In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder	CVSS3: 7.5	4% Низкий	почти 7 лет назад
GHSA-jx6h-3fjx-cgv5 Apache Tomcat information exposure vulnerability	CVSS3: 6.5	18% Средний	почти 7 лет назад
GHSA-6rxj-58jh-436r Apache Tomcat unauthorized access vulnerability	CVSS3: 5.9	3% Низкий	почти 7 лет назад
GHSA-5q99-f34m-67gc Apache Tomcat Open Redirect vulnerability	CVSS3: 4.3	87% Высокий	почти 7 лет назад
GHSA-pjfr-qf3p-3q25 When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server	CVSS3: 8.1	94% Критический	почти 7 лет назад
CVE-2018-11784 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.	CVSS3: 4.3	87% Высокий	почти 7 лет назад
CVE-2018-11784 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...	CVSS3: 4.3	87% Высокий	почти 7 лет назад

Уязвимостей на страницу