Count: 1,093
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-h6c8-x5r3-pm88 Apache Tomcat Unrestricted file upload vulnerability | | 6% Low | about 3 years ago
GHSA-h6c8-rg87-f3pc Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users | | 12% Medium | about 3 years ago
GHSA-ggx9-4728-588r Apache Tomcat Directory Traversal vulnerability | | 15% Medium | about 3 years ago
GHSA-g8pj-r55q-5c2v Apache Tomcat Incomplete Cleanup vulnerability | CVSS3: 5.3 | 1% Low | more than 1 year ago
GHSA-g77g-vjjm-x83j Apache Tomcat Example Application CSRF and XSS Vulnerabilities | | 1% Low | about 3 years ago
GHSA-fjwp-r6fm-q6qw Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request | CVSS3: 7.5 | 3% Low | about 3 years ago
GHSA-fj6c-prgj-gr3r Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | | 0% Low | about 3 years ago
GHSA-ff77-26x5-69cr Apache Tomcat Rewrite rule bypass | | 0% Low | about 2 months ago
GHSA-fccv-jmmp-qg76 Apache Tomcat Improper Input Validation vulnerability | CVSS3: 7.5 | 45% Medium | more than 1 year ago
GHSA-f98p-9pp6-7q6c Apache Tomcat Cross-site scripting (XSS) vulnerability | | 49% Medium | about 3 years ago
GHSA-f632-9449-3j4w Apache Tomcat - XSS in generated JSPs | CVSS3: 6.1 | 2% Low | 7 months ago
GHSA-f4qf-m5gf-8jm8 Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information | CVSS3: 5.3 | 65% Medium | more than 1 year ago
GHSA-f436-gr4m-qq5w The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages. | | 23% Medium | about 3 years ago
GHSA-f2gq-p6qv-ccw4 Tomcat Vulnerable to Web Cache Poisoning | | 84% High | about 3 years ago
GHSA-cxg2-49rq-8gcr Apache Tomcat does not properly handle an invalid Transfer-Encoding header | | 81% High | about 3 years ago
GHSA-cww4-vj5r-rx57 Exposure of Sensitive Information in Apache Tomcat | | 80% High | about 3 years ago
GHSA-cw29-r48c-h5f9 org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | | 0% Low | about 3 years ago
GHSA-cvx5-7vc7-rg77 Tomcat uses trusted privileges when processing web.xml file | | 3% Low | about 3 years ago
GHSA-cpr9-82wf-f629 java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. | | 12% Medium | about 3 years ago
GHSA-cjg9-7x8h-6gw3 The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. | | 6% Low | about 3 years ago