Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 156
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
CVE-2010-4312
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
CVE-2010-4312
The default configuration of Apache Tomcat 6.x does not include the HT ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2011-0534 Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ... | CVSS2: 5 | 17% Средний | больше 14 лет назад |
 | CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | CVSS2: 1.2 | 0% Низкий | больше 14 лет назад |
| CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ... | CVSS2: 1.2 | 0% Низкий | больше 14 лет назад |
 | CVE-2011-0534 Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. | CVSS2: 5 | 17% Средний | больше 14 лет назад |
| CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | CVSS2: 1.2 | 0% Низкий | больше 14 лет назад |
 | CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | CVSS2: 4 | 0% Низкий | почти 15 лет назад |
| CVE-2011-0534 Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. | CVSS2: 5 | 17% Средний | почти 15 лет назад |
| CVE-2011-0013 Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | CVSS2: 4.3 | 32% Средний | почти 15 лет назад |
| CVE-2010-4312 The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. | CVSS2: 6.4 | 2% Низкий | почти 15 лет назад |
| CVE-2010-4312 The default configuration of Apache Tomcat 6.x does not include the HT ... | CVSS2: 6.4 | 2% Низкий | почти 15 лет назад |
Уязвимостей на страницу