Count: 1,093
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-v682-8vv8-vpwr Denial of Service via incomplete cleanup vulnerability in Apache Tomcat | CVSS3: 6.3 | 0% Low | more than 1 year ago
GHSA-v66v-63h2-8q5q Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | | 46% Medium | about 3 years ago
GHSA-v5p2-vg3c-pmrr Apache Tomcat Path Traversal Vulnerability | | 7% Low | about 3 years ago
GHSA-v35g-wxj7-gxp3 Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | | 13% Medium | about 3 years ago
GHSA-rq2w-37h9-vg94 Apache Tomcat improperly escapes input from JsonErrorReportValve | CVSS3: 7.5 | 1% Low | more than 2 years ago
GHSA-rp8h-vr48-4j8p Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests | | 2% Low | about 3 years ago
GHSA-rh8q-vjgf-gf74 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 5.3 | 40% Medium | about 3 years ago
GHSA-rffr-vjp4-vxh3 The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | | 3% Low | about 3 years ago
GHSA-r7c8-hghc-2mp8 Apache Tomcat Allows Replacing of XML Parser | | 0% Low | about 3 years ago
GHSA-r6j3-px5g-cq3x Apache Tomcat Improper Input Validation vulnerability | CVSS3: 5.3 | 1% Low | more than 1 year ago
GHSA-r6cf-cr44-m8rr Apache Tomcat Leaks Pathname Information via Error Message | | 3% Low | about 3 years ago
GHSA-r22m-cc5w-vgh3 ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator." | | 1% Low | about 3 years ago
GHSA-qvf5-hvjx-wm27 Apache Tomcat Request and/or response mix-up | CVSS3: 6.5 | 4% Low | 7 months ago
GHSA-qrj4-rmqg-4hcp Apache Tomcat Does Not Properly Handle Empty Requests | | 12% Medium | about 3 years ago
GHSA-qrcx-p4rr-g48h Apache Tomcat allows remote attackers to read JSP source files | | 1% Low | about 3 years ago
GHSA-qqr5-q566-72w2 The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. | | 38% Medium | about 3 years ago
GHSA-qprx-q2r7-3rx6 Improper Input Validation in Apache Tomcat | | 1% Low | about 3 years ago
GHSA-qjw9-54p2-cgcx The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | | 4% Low | about 3 years ago
GHSA-qg4g-6jcq-rw93 Jakarta Apache Tomcat Reveals Physical Paths | | 40% Medium | about 3 years ago
GHSA-qfxv-3ppc-7qg5 Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions | | 44% Medium | about 3 years ago