Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 245
BDU:2015-00410
Уязвимость программного обеспечения Apache Tomcat, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0 ...
CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CVE-2014-0230
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
CVE-2014-0119
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
CVE-2014-0119
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ...
CVE-2014-0099
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CVE-2014-0099
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apac ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2015-00410 Уязвимость программного обеспечения Apache Tomcat, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации | CVSS2: 6.8 | 20% Средний | около 11 лет назад |
 | CVE-2013-4444 Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file. | CVSS2: 6.8 | 20% Средний | около 11 лет назад |
| CVE-2013-4444 Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0 ... | CVSS2: 6.8 | 20% Средний | около 11 лет назад |
 | CVE-2013-4444 Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file. | CVSS2: 6.8 | 20% Средний | около 11 лет назад |
 | CVE-2013-4444 Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file. | CVSS2: 7.5 | 20% Средний | около 11 лет назад |
| CVE-2014-0230 Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. | CVSS2: 5 | 6% Низкий | больше 11 лет назад |
| CVE-2014-0119 Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. | CVSS2: 4.3 | 7% Низкий | больше 11 лет назад |
| CVE-2014-0119 Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ... | CVSS2: 4.3 | 7% Низкий | больше 11 лет назад |
| CVE-2014-0099 Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | CVSS2: 4.3 | 71% Высокий | больше 11 лет назад |
| CVE-2014-0099 Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apac ... | CVSS2: 4.3 | 71% Высокий | больше 11 лет назад |
Уязвимостей на страницу