Tomcat — контейнер сервлетов с открытым исходным кодом

Релизный цикл, информация об уязвимостях

Продукт: Tomcat

Вендор: apache

График релизов

Недавние уязвимости Tomcat

Количество 1 262

CVE-2012-4431

около 13 лет назад

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

CVSS2: 4.3

EPSS: Низкий

CVE-2012-3546

около 13 лет назад

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

CVSS2: 5.5

EPSS: Низкий

CVE-2012-4534

около 13 лет назад

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

CVSS2: 4.3

EPSS: Средний

CVE-2012-5568

около 13 лет назад

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

CVSS2: 5

EPSS: Средний

CVE-2012-5568

около 13 лет назад

Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...

CVSS2: 5

EPSS: Средний

CVE-2012-5568

около 13 лет назад

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

CVSS2: 5

EPSS: Средний

CVE-2012-5887

около 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

CVSS2: 5

EPSS: Низкий

CVE-2012-5887

около 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat ...

CVSS2: 5

EPSS: Низкий

CVE-2012-5886

около 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

CVSS2: 5

EPSS: Низкий

CVE-2012-5886

около 13 лет назад

The HTTP Digest Access Authentication implementation in Apache Tomcat ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2012-4431 org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.	CVSS2: 4.3	10% Низкий	около 13 лет назад
CVE-2012-3546 org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.	CVSS2: 5.5	2% Низкий	около 13 лет назад
CVE-2012-4534 org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.	CVSS2: 4.3	23% Средний	около 13 лет назад
CVE-2012-5568 Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.	CVSS2: 5	14% Средний	около 13 лет назад
CVE-2012-5568 Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...	CVSS2: 5	14% Средний	около 13 лет назад
CVE-2012-5568 Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.	CVSS2: 5	14% Средний	около 13 лет назад
CVE-2012-5887 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.	CVSS2: 5	1% Низкий	около 13 лет назад
CVE-2012-5887 The HTTP Digest Access Authentication implementation in Apache Tomcat ...	CVSS2: 5	1% Низкий	около 13 лет назад
CVE-2012-5886 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.	CVSS2: 5	1% Низкий	около 13 лет назад
CVE-2012-5886 The HTTP Digest Access Authentication implementation in Apache Tomcat ...	CVSS2: 5	1% Низкий	около 13 лет назад

Уязвимостей на страницу