Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 093
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not p ...
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ...
CVE-2011-1183
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
CVE-2011-1419
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
CVE-2011-1419
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ...
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2011-1475 The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not p ... | CVSS2: 5 | 12% Средний | около 14 лет назад |
 | CVE-2011-1183 Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419. | CVSS2: 5.8 | 1% Низкий | около 14 лет назад |
| CVE-2011-1183 Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ... | CVSS2: 5.8 | 1% Низкий | около 14 лет назад |
 | CVE-2011-1183 Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419. | CVSS2: 5.8 | 1% Низкий | около 14 лет назад |
| CVE-2011-1475 The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | CVSS2: 5 | 12% Средний | около 14 лет назад |
 | CVE-2011-1475 The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | CVSS2: 4.3 | 12% Средний | около 14 лет назад |
| CVE-2011-1419 Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088. | CVSS2: 5.8 | 16% Средний | больше 14 лет назад |
| CVE-2011-1419 Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ... | CVSS2: 5.8 | 16% Средний | больше 14 лет назад |
| CVE-2011-1088 Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. | CVSS2: 5.8 | 14% Средний | больше 14 лет назад |
| CVE-2011-1088 Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ... | CVSS2: 5.8 | 14% Средний | больше 14 лет назад |
Уязвимостей на страницу