Count: 1 133
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-w227-xcfx-3pj8 Exposure of Sensitive Information in Apache Tomcat | | 85% High | over 3 years ago
GHSA-vch7-92vf-jm44 Apache Tomcat does not follow ServletSecurity annotations | | 16% Medium | about 3 years ago
GHSA-v682-8vv8-vpwr Denial of Service via incomplete cleanup vulnerability in Apache Tomcat | CVSS3: 6.3 | 0% Low | over 1 year ago
GHSA-v66v-63h2-8q5q Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | | 46% Medium | over 3 years ago
GHSA-v5p2-vg3c-pmrr Apache Tomcat Path Traversal Vulnerability | | 7% Low | over 3 years ago
GHSA-v35g-wxj7-gxp3 Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | | 13% Medium | about 3 years ago
GHSA-rq2w-37h9-vg94 Apache Tomcat improperly escapes input from JsonErrorReportValve | CVSS3: 7.5 | 1% Low | over 2 years ago
GHSA-rp8h-vr48-4j8p Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests | | 2% Low | about 3 years ago
GHSA-rh8q-vjgf-gf74 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 5.3 | 24% Medium | about 3 years ago
GHSA-rffr-vjp4-vxh3 The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | | 3% Low | over 3 years ago
GHSA-r7c8-hghc-2mp8 Apache Tomcat Allows Replacing of XML Parser | | 0% Low | about 3 years ago
GHSA-r6j3-px5g-cq3x Apache Tomcat Improper Input Validation vulnerability | CVSS3: 5.3 | 1% Low | almost 2 years ago
GHSA-r6cf-cr44-m8rr Apache Tomcat Leaks Pathname Information via Error Message | | 3% Low | over 3 years ago
GHSA-r22m-cc5w-vgh3 ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator." | | 1% Low | about 3 years ago
GHSA-qvf5-hvjx-wm27 Apache Tomcat Request and/or response mix-up | CVSS3: 6.5 | 4% Low | 9 months ago
GHSA-qrj4-rmqg-4hcp Apache Tomcat Does Not Properly Handle Empty Requests | | 12% Medium | over 3 years ago
GHSA-qrcx-p4rr-g48h Apache Tomcat allows remote attackers to read JSP source files | | 1% Low | over 3 years ago
GHSA-qqr5-q566-72w2 The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. | | 35% Medium | over 3 years ago
GHSA-qprx-q2r7-3rx6 Improper Input Validation in Apache Tomcat | | 2% Low | about 3 years ago
GHSA-qjw9-54p2-cgcx The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | | 3% Low | over 3 years ago