Count: 1 133
Vulnerability | CVSS | EPSS | Published | |
---|---|---|---|---|
GHSA-68g5-8q7f-m384 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 7.5 | 4% Low | about 3 years ago | |
GHSA-653p-vg55-5652 Apache Tomcat Uncontrolled Resource Consumption vulnerability | CVSS3: 5.3 | 6% Low | 8 months ago | |
GHSA-5xvw-jhvw-hvp2 The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. | CVSS3: 7.8 | 0% Low | about 3 years ago | |
GHSA-5x5f-9r6q-q7mh Apache Tomcat Sensitive Information Disclosure | | 4% Low | more than 3 years ago | |
GHSA-5jpg-mjvg-hfhp Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. | | 4% Low | more than 3 years ago | |
GHSA-5j33-cvvr-w245 Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability | CVSS3: 9.8 | 89% High | 8 months ago | |
GHSA-5hgm-qm5m-5vmw Jakarta Tomcat cross-site scripting (XSS) vulnerability | | 27% Medium | more than 3 years ago | |
GHSA-5cw4-ggx9-36vg Apache Tomcat Denial of Service via Malformed Request Headers | | 32% Medium | more than 3 years ago | |
GHSA-5c5p-jxvx-x7j2 Apache Tomcat vulnerable to Cross-site Scripting | | 1% Low | more than 3 years ago | |
GHSA-58hj-575g-5j25 Apache Tomcat allows webmasters to insert xss into error messages | | 1% Low | more than 3 years ago | |
GHSA-4j3c-42xv-3f84 Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector | CVSS3: 7.5 | 0% Low | 27 days ago | |
GHSA-4gr9-99j3-vqxv Apache Tomcat Directory Traversal | | 4% Low | more than 3 years ago | |
GHSA-4f7h-9j2x-cmr4 Improper Authentication in Apache Tomcat | | 3% Low | about 3 years ago | |
GHSA-4c6x-gfc8-c26r Apache Tomcat Vulnerable to Cross-Site Scripting | | 80% High | more than 3 years ago | |
GHSA-4c43-cwvx-9crh Improper Access Control in Apache Tomcat | | 9% Low | about 3 years ago | |
GHSA-475f-74wp-pqv5 Integer Overflow or Wraparound in Apache Tomcat | | 80% High | about 3 years ago | |
GHSA-43v2-6grp-9pp9 Apache Tomcat does not enforce the maxHttpHeaderSize limit | CVSS3: 7.5 | 17% Medium | about 3 years ago | |
GHSA-42wg-hm62-jcwg Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | CVSS3: 8.4 | 0% Low | about 2 months ago | |
GHSA-42j3-498q-m6vp Improper Input Validation in Apache Tomcat | | 86% High | about 3 years ago | |
GHSA-3xpj-jgv5-q4vv Access restriction bypass in Apache Tomcat | | 2% Low | about 3 years ago | |