exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 13

CVE-2025-55754

около 1 месяца назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, whi...

CVSS3: 9.6

EPSS: Низкий

CVE-2025-55754

около 1 месяца назад

CVSS3: 9.6

EPSS: Низкий

CVE-2025-55754

около 1 месяца назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...

CVSS3: 9.6

EPSS: Низкий

GHSA-vfww-5hm6-hx2j

около 1 месяца назад

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

CVSS3: 9.6

EPSS: Низкий

BDU:2025-13927

около 1 месяца назад

Уязвимость сервера приложений Apache Tomcat, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольный код

CVSS3: 7.3

EPSS: Низкий

openSUSE-SU-2025-20106-1

4 дня назад

Security update for tomcat11

EPSS: Низкий

SUSE-SU-2025:4184-1

7 дней назад

Security update for tomcat

EPSS: Низкий

SUSE-SU-2025:4159-1

10 дней назад

Security update for tomcat

EPSS: Низкий

SUSE-SU-2025:4103-1

17 дней назад

Security update for tomcat10

EPSS: Низкий

SUSE-SU-2025:4086-1

19 дней назад

Security update for tomcat11

EPSS: Низкий

ROS-20251125-09

6 дней назад

Множественные уязвимости tomcat11

CVSS3: 7.5

EPSS: Низкий

ROS-20251125-08

6 дней назад

Множественные уязвимости tomcat10

CVSS3: 7.5

EPSS: Низкий

ROS-20251125-07

6 дней назад

Множественные уязвимости tomcat

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-55754 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, whi...	CVSS3: 9.6	0% Низкий	около 1 месяца назад
CVE-2025-55754 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later,	CVSS3: 9.6	0% Низкий	около 1 месяца назад
CVE-2025-55754 Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...	CVSS3: 9.6	0% Низкий	около 1 месяца назад
GHSA-vfww-5hm6-hx2j Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences	CVSS3: 9.6	0% Низкий	около 1 месяца назад
BDU:2025-13927 Уязвимость сервера приложений Apache Tomcat, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю выполнить произвольный код	CVSS3: 7.3	0% Низкий	около 1 месяца назад
openSUSE-SU-2025-20106-1 Security update for tomcat11			4 дня назад
SUSE-SU-2025:4184-1 Security update for tomcat			7 дней назад
SUSE-SU-2025:4159-1 Security update for tomcat			10 дней назад
SUSE-SU-2025:4103-1 Security update for tomcat10			17 дней назад
SUSE-SU-2025:4086-1 Security update for tomcat11			19 дней назад
ROS-20251125-09 Множественные уязвимости tomcat11	CVSS3: 7.5		6 дней назад
ROS-20251125-08 Множественные уязвимости tomcat10	CVSS3: 7.5		6 дней назад
ROS-20251125-07 Множественные уязвимости tomcat	CVSS3: 7.5		6 дней назад

Уязвимостей на страницу