Количество 1 262
Количество 1 262
BDU:2023-05380
Уязвимость сервера приложений Apache Tomcat, связанная с ошибкой единичного смещения, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-03746
Уязвимость в примерах проверки подлинности с помощью форм в примерах веб-приложений сервера приложений Apache Tomcat, позволяющая нарушителю провести атаку межсайтового скриптинга
openSUSE-SU-2022:0818-1
Security update for tomcat
SUSE-SU-2022:0818-1
Security update for tomcat
SUSE-SU-2022:0784-1
Security update for tomcat
SUSE-SU-2022:0695-1
Security update for tomcat
SUSE-SU-2022:0694-1
Security update for tomcat
GHSA-r4x2-3cq5-hqvp
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
GHSA-q6x7-f33r-3wxx
Incorrect Authorization in Apache Tomcat
GHSA-9f3j-pm6f-9fm5
Race condition in Apache Tomcat
GHSA-36qh-35cm-5w2w
Authentication Bypass by Alternate Name in Apache Tomcat
GHSA-2rvf-329f-p99g
System Property Disclosure in Apache Tomcat
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use ...
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-05380 Уязвимость сервера приложений Apache Tomcat, связанная с ошибкой единичного смещения, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| BDU:2022-03746 Уязвимость в примерах проверки подлинности с помощью форм в примерах веб-приложений сервера приложений Apache Tomcat, позволяющая нарушителю провести атаку межсайтового скриптинга | CVSS3: 6.1 | 37% Средний | больше 3 лет назад |
 | openSUSE-SU-2022:0818-1 Security update for tomcat | 0% Низкий | почти 4 года назад | |
| SUSE-SU-2022:0818-1 Security update for tomcat | 0% Низкий | почти 4 года назад | |
| SUSE-SU-2022:0784-1 Security update for tomcat | 0% Низкий | почти 4 года назад | |
| SUSE-SU-2022:0695-1 Security update for tomcat | 0% Низкий | почти 4 года назад | |
| SUSE-SU-2022:0694-1 Security update for tomcat | 0% Низкий | почти 4 года назад | |
| GHSA-r4x2-3cq5-hqvp The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins | CVSS3: 9.8 | 19% Средний | больше 7 лет назад |
| GHSA-q6x7-f33r-3wxx Incorrect Authorization in Apache Tomcat | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад |
| GHSA-9f3j-pm6f-9fm5 Race condition in Apache Tomcat | CVSS3: 7 | 0% Низкий | около 4 лет назад |
| GHSA-36qh-35cm-5w2w Authentication Bypass by Alternate Name in Apache Tomcat | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| GHSA-2rvf-329f-p99g System Property Disclosure in Apache Tomcat | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-23181 The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | CVSS3: 7 | 0% Низкий | около 4 лет назад |
 | CVE-2022-23181 The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | CVSS3: 7 | 0% Низкий | около 4 лет назад |
 | CVE-2022-23181 The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | CVSS3: 7 | 0% Низкий | около 4 лет назад |
| CVE-2022-23181 The fix for bug CVE-2020-9484 introduced a time of check, time of use ... | CVSS3: 7 | 0% Низкий | около 4 лет назад |
| CVE-2021-30640 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-30640 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-30640 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-30640 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ... | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу