Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 262
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
BDU:2020-03620
Уязвимость компонента PersistenceManager сервера приложений Apache Tomcat, позволяющая нарушителю выполнить произвольный код
BDU:2020-02853
Уязвимость сервиса AJP Connector сервера приложений Apache Tomcat, позволяющая нарушителю получить несанкционированный доступ на чтения файлов веб-приложений
SUSE-SU-2020:0806-1
Security update for tomcat
SUSE-SU-2020:14334-1
Security update for tomcat6
SUSE-SU-2020:0725-1
Security update for tomcat
GHSA-767j-jfh2-jvrc
Potential HTTP request smuggling in Apache Tomcat
GHSA-qxf4-chvg-4r8r
Potential HTTP request smuggling in Apache Tomcat
CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, alon
CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when tr ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2020-9484 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. | CVSS3: 7 | 93% Критический | больше 5 лет назад |
 | BDU:2020-03620 Уязвимость компонента PersistenceManager сервера приложений Apache Tomcat, позволяющая нарушителю выполнить произвольный код | CVSS3: 7 | 93% Критический | больше 5 лет назад |
| BDU:2020-02853 Уязвимость сервиса AJP Connector сервера приложений Apache Tomcat, позволяющая нарушителю получить несанкционированный доступ на чтения файлов веб-приложений | CVSS3: 7.5 | 1% Низкий | почти 6 лет назад |
 | SUSE-SU-2020:0806-1 Security update for tomcat | 94% Критический | почти 6 лет назад | |
| SUSE-SU-2020:14334-1 Security update for tomcat6 | 94% Критический | почти 6 лет назад | |
| SUSE-SU-2020:0725-1 Security update for tomcat | 94% Критический | почти 6 лет назад | |
| GHSA-767j-jfh2-jvrc Potential HTTP request smuggling in Apache Tomcat | CVSS3: 4.8 | 6% Низкий | почти 6 лет назад |
| GHSA-qxf4-chvg-4r8r Potential HTTP request smuggling in Apache Tomcat | CVSS3: 4.8 | 1% Низкий | почти 6 лет назад |
 | CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, alon | CVSS3: 9.8 | 94% Критический | почти 6 лет назад |
| CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when tr ... | CVSS3: 9.8 | 94% Критический | почти 6 лет назад |
Уязвимостей на страницу