Count: 1,263
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-f98p-9pp6-7q6c Apache Tomcat Cross-site scripting (XSS) vulnerability | | 59% Medium | more than 3 years ago |
| GHSA-f632-9449-3j4w Apache Tomcat - XSS in generated JSPs | CVSS3: 6.1 | 4% Low | about 1 year ago |
| GHSA-f4qf-m5gf-8jm8 Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information | CVSS3: 5.3 | 71% High | almost 2 years ago |
| GHSA-f436-gr4m-qq5w The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages. | | 23% Medium | more than 3 years ago |
| GHSA-f2gq-p6qv-ccw4 Tomcat Vulnerable to Web Cache Poisoning | | 82% High | more than 3 years ago |
| GHSA-cxg2-49rq-8gcr Apache Tomcat does not properly handle an invalid Transfer-Encoding header | | 74% High | more than 3 years ago |
| GHSA-cww4-vj5r-rx57 Exposure of Sensitive Information in Apache Tomcat | | 82% High | more than 3 years ago |
| GHSA-cw29-r48c-h5f9 org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | | 0% Low | more than 3 years ago |
| GHSA-cvx5-7vc7-rg77 Tomcat uses trusted privileges when processing web.xml file | | 2% Low | more than 3 years ago |
| GHSA-cpr9-82wf-f629 java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. | | 16% Medium | more than 3 years ago |
| GHSA-cjg9-7x8h-6gw3 The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. | | 5% Low | more than 3 years ago |
| GHSA-c78g-qwpw-2jgv Improper Neutralization of Input During Web Page Generation in Apache Tomcat | | 30% Medium | more than 3 years ago |
| GHSA-c57p-3v2g-w9rg Insertion of Sensitive Information into Log File in Apache Tomcat | | 0% Low | more than 3 years ago |
| GHSA-c38m-v4m2-524v Apache Tomcat Allows Remote Attackers to Spoof AJP Requests | | 1% Low | more than 3 years ago |
| GHSA-9xrj-439h-62hg Improper Authentication in Apache Tomcat | | 1% Low | more than 3 years ago |
| GHSA-9hjv-9h75-xmpp Improper Verification of Source of a Communication Channel in Apache Tomcat | CVSS3: 6.3 | 0% Low | more than 3 years ago |
| GHSA-9hg2-395j-83rm Expected Behavior Violation in Apache Tomcat | CVSS3: 9.8 | 6% Low | more than 3 years ago |
| GHSA-9ggm-7897-x4mg Improper Input Validation in Apache Tomcat | | 0% Low | more than 3 years ago |
| GHSA-99rf-92v6-cwx4 Improper Access Control in Apache Tomcat | | 2% Low | more than 3 years ago |
| GHSA-9785-w233-x6hv Improper Resource Shutdown or Release in Apache Tomcat | CVSS3: 7.5 | 19% Medium | more than 3 years ago |