Количество 1 133
Количество 1 133
GHSA-8c5c-v572-37xf
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
GHSA-87w9-x2c3-hrjj
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
GHSA-86fp-jgwm-wgj5
Apache Tomcat XSS Vulnerability
GHSA-83qj-6fr2-vhqg
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
GHSA-7wj2-48c4-2684
Apache Tomcat Denial of Service vulnerability in the Catalina package
GHSA-7w75-32cg-r6g2
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
GHSA-7g59-hm8v-cwmc
Apache Tomcat information disclosure vulnerability
GHSA-79m3-w93m-vjpg
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
GHSA-76vr-72mv-mf3q
Cross-Site Request Forgery in Apache Tomcat
GHSA-73rx-3f9r-x949
Insufficient Verification of Data Authenticity in Apache Tomcat
GHSA-72m4-92vp-gxfj
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
GHSA-6vx3-hr43-cfrh
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
GHSA-6v52-mj5r-7j2m
Apache Tomcat Race Condition vulnerability
GHSA-6qr6-x7jm-x2q6
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
GHSA-6m48-jxwx-76q7
Improper Authentication in Apache Tomcat
GHSA-6j8f-66vh-39mj
Apache Tomcat Mishandles Character Sequence in Cookies
GHSA-6j88-6whg-x687
Cross-site Scripting in Apache Tomcat
GHSA-6gjj-c5mj-4cvp
Improper Input Validation in Apache Tomcat
GHSA-6cr4-7c7p-p3xv
Use of Hard-coded Cryptographic Key in Apache Tomcat
GHSA-698c-2x4j-g9gq
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-8c5c-v572-37xf The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. | CVSS3: 7.8 | 21% Средний | около 3 лет назад |
| GHSA-87w9-x2c3-hrjj Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | 1% Низкий | около 3 лет назад | |
| GHSA-86fp-jgwm-wgj5 Apache Tomcat XSS Vulnerability | 48% Средний | больше 3 лет назад | |
| GHSA-83qj-6fr2-vhqg Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | CVSS3: 9.8 | 94% Критический | 5 месяцев назад |
| GHSA-7wj2-48c4-2684 Apache Tomcat Denial of Service vulnerability in the Catalina package | 20% Средний | больше 3 лет назад | |
| GHSA-7w75-32cg-r6g2 Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests | CVSS3: 7.5 | 52% Средний | больше 1 года назад |
| GHSA-7g59-hm8v-cwmc Apache Tomcat information disclosure vulnerability | 8% Низкий | больше 3 лет назад | |
| GHSA-79m3-w93m-vjpg ** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." | 1% Низкий | больше 3 лет назад | |
| GHSA-76vr-72mv-mf3q Cross-Site Request Forgery in Apache Tomcat | 16% Средний | около 3 лет назад | |
| GHSA-73rx-3f9r-x949 Insufficient Verification of Data Authenticity in Apache Tomcat | CVSS3: 4.3 | 4% Низкий | около 3 лет назад |
| GHSA-72m4-92vp-gxfj The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | 3% Низкий | больше 3 лет назад | |
| GHSA-6vx3-hr43-cfrh Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-6v52-mj5r-7j2m Apache Tomcat Race Condition vulnerability | CVSS3: 5.9 | 6% Низкий | почти 7 лет назад |
| GHSA-6qr6-x7jm-x2q6 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 4.3 | 1% Низкий | около 3 лет назад |
| GHSA-6m48-jxwx-76q7 Improper Authentication in Apache Tomcat | 4% Низкий | около 3 лет назад | |
| GHSA-6j8f-66vh-39mj Apache Tomcat Mishandles Character Sequence in Cookies | 69% Средний | больше 3 лет назад | |
| GHSA-6j88-6whg-x687 Cross-site Scripting in Apache Tomcat | CVSS3: 6.1 | 2% Низкий | около 3 лет назад |
| GHSA-6gjj-c5mj-4cvp Improper Input Validation in Apache Tomcat | 16% Средний | около 3 лет назад | |
| GHSA-6cr4-7c7p-p3xv Use of Hard-coded Cryptographic Key in Apache Tomcat | 5% Низкий | около 3 лет назад | |
| GHSA-698c-2x4j-g9gq Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | CVSS3: 7.5 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу