Tomcat: an open-source servlet container
Release cycle, vulnerability information
Release schedule
Count: 1,133

CVE-2024-52318
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
GHSA-qvf5-hvjx-wm27
Apache Tomcat Request and/or response mix-up
GHSA-xcpr-7mr4-h4xq
Apache Tomcat - Authentication Bypass

CVE-2024-52317
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2024-52318 Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. | CVSS3: 6.1 | 2% Low | 9 months ago
CVE-2024-52318 Incorrect object recycling and reuse vulnerability in Apache Tomcat. ... | CVSS3: 6.1 | 2% Low | 9 months ago
CVE-2024-52318 Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. | CVSS3: 6.1 | 2% Low | 9 months ago
GHSA-qvf5-hvjx-wm27 Apache Tomcat Request and/or response mix-up | CVSS3: 6.5 | 4% Low | 9 months ago
GHSA-xcpr-7mr4-h4xq Apache Tomcat - Authentication Bypass | CVSS3: 9.8 | 0% Low | 9 months ago
CVE-2024-52318 Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. | CVSS3: 5.4 | 2% Low | 9 months ago
CVE-2024-52317 Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. | CVSS3: 6.5 | 4% Low | 9 months ago
CVE-2024-52317 Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. ... | CVSS3: 6.5 | 4% Low | 9 months ago
CVE-2024-52316 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. | CVSS3: 9.8 | 0% Low | 9 months ago
CVE-2024-52316 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ... | CVSS3: 9.8 | 0% Low | 9 months ago