Count: 1,093
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-86fp-jgwm-wgj5 Apache Tomcat XSS Vulnerability | | 48% Medium | about 3 years ago |
GHSA-83qj-6fr2-vhqg Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | CVSS3: 9.8 | 94% Critical | 3 months ago |
GHSA-7wj2-48c4-2684 Apache Tomcat Denial of Service vulnerability in the Catalina package | | 20% Medium | about 3 years ago |
GHSA-7w75-32cg-r6g2 Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests | CVSS3: 7.5 | 55% Medium | more than 1 year ago |
GHSA-7g59-hm8v-cwmc Apache Tomcat information disclosure vulnerability | | 8% Low | about 3 years ago |
GHSA-79m3-w93m-vjpg ** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." | | 1% Low | about 3 years ago |
GHSA-76vr-72mv-mf3q Cross-Site Request Forgery in Apache Tomcat | | 16% Medium | about 3 years ago |
GHSA-73rx-3f9r-x949 Insufficient Verification of Data Authenticity in Apache Tomcat | CVSS3: 4.3 | 5% Low | about 3 years ago |
GHSA-72m4-92vp-gxfj The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | | 3% Low | about 3 years ago |
GHSA-6vx3-hr43-cfrh Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | CVSS3: 4.3 | 0% Low | about 3 years ago |
GHSA-6v52-mj5r-7j2m Apache Tomcat Race Condition vulnerability | CVSS3: 5.9 | 5% Low | more than 6 years ago |
GHSA-6qr6-x7jm-x2q6 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 4.3 | 1% Low | about 3 years ago |
GHSA-6m48-jxwx-76q7 Improper Authentication in Apache Tomcat | | 4% Low | about 3 years ago |
GHSA-6j8f-66vh-39mj Apache Tomcat Mishandles Character Sequence in Cookies | | 69% Medium | about 3 years ago |
GHSA-6j88-6whg-x687 Cross-site Scripting in Apache Tomcat | CVSS3: 6.1 | 2% Low | almost 3 years ago |
GHSA-6gjj-c5mj-4cvp Improper Input Validation in Apache Tomcat | | 16% Medium | about 3 years ago |
GHSA-6cr4-7c7p-p3xv Use of Hard-coded Cryptographic Key in Apache Tomcat | | 5% Low | about 3 years ago |
GHSA-698c-2x4j-g9gq Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | CVSS3: 7.5 | 0% Low | about 3 years ago |
GHSA-68g5-8q7f-m384 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 7.5 | 4% Low | about 3 years ago |
GHSA-5xvw-jhvw-hvp2 The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. | CVSS3: 7.8 | 0% Low | about 3 years ago |