Количество 1 263
Количество 1 263
GHSA-w7cg-5969-678w
Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token
GHSA-w6q7-ww2x-7gm3
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
GHSA-w65j-cmqc-37p2
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
GHSA-w3j5-q8f2-3cqq
Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat
GHSA-w227-xcfx-3pj8
Exposure of Sensitive Information in Apache Tomcat
GHSA-vfww-5hm6-hx2j
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
GHSA-vch7-92vf-jm44
Apache Tomcat does not follow ServletSecurity annotations
GHSA-v682-8vv8-vpwr
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
GHSA-v66v-63h2-8q5q
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
GHSA-v5p2-vg3c-pmrr
Apache Tomcat Path Traversal Vulnerability
GHSA-v35g-wxj7-gxp3
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
GHSA-rq2w-37h9-vg94
Apache Tomcat improperly escapes input from JsonErrorReportValve
GHSA-rp8h-vr48-4j8p
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
GHSA-rh8q-vjgf-gf74
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
GHSA-rffr-vjp4-vxh3
The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
GHSA-r7c8-hghc-2mp8
Apache Tomcat Allows Replacing of XML Parser
GHSA-r6j3-px5g-cq3x
Apache Tomcat Improper Input Validation vulnerability
GHSA-r6cf-cr44-m8rr
Apache Tomcat Leaks Pathname Information via Error Message
GHSA-r22m-cc5w-vgh3
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
GHSA-qvf5-hvjx-wm27
Apache Tomcat Request and/or response mix-up
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-w7cg-5969-678w Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token | CVSS3: 8.8 | 6% Низкий | больше 3 лет назад |
| GHSA-w6q7-ww2x-7gm3 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | 17% Средний | больше 3 лет назад | |
| GHSA-w65j-cmqc-37p2 JULI logging component in Apache Tomcat does not restrict certain permissions for web applications | 18% Средний | больше 3 лет назад | |
| GHSA-w3j5-q8f2-3cqq Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat | CVSS3: 7.5 | 17% Средний | больше 3 лет назад |
| GHSA-w227-xcfx-3pj8 Exposure of Sensitive Information in Apache Tomcat | 84% Высокий | больше 3 лет назад | |
| GHSA-vfww-5hm6-hx2j Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences | CVSS3: 9.6 | 0% Низкий | около 2 месяцев назад |
| GHSA-vch7-92vf-jm44 Apache Tomcat does not follow ServletSecurity annotations | 16% Средний | больше 3 лет назад | |
| GHSA-v682-8vv8-vpwr Denial of Service via incomplete cleanup vulnerability in Apache Tomcat | CVSS3: 6.3 | 1% Низкий | почти 2 года назад |
| GHSA-v66v-63h2-8q5q Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | 70% Средний | больше 3 лет назад | |
| GHSA-v5p2-vg3c-pmrr Apache Tomcat Path Traversal Vulnerability | 6% Низкий | больше 3 лет назад | |
| GHSA-v35g-wxj7-gxp3 Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | 14% Средний | больше 3 лет назад | |
| GHSA-rq2w-37h9-vg94 Apache Tomcat improperly escapes input from JsonErrorReportValve | CVSS3: 7.5 | 1% Низкий | почти 3 года назад |
| GHSA-rp8h-vr48-4j8p Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests | 2% Низкий | больше 3 лет назад | |
| GHSA-rh8q-vjgf-gf74 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | CVSS3: 5.3 | 31% Средний | больше 3 лет назад |
| GHSA-rffr-vjp4-vxh3 The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | 3% Низкий | больше 3 лет назад | |
| GHSA-r7c8-hghc-2mp8 Apache Tomcat Allows Replacing of XML Parser | 0% Низкий | больше 3 лет назад | |
| GHSA-r6j3-px5g-cq3x Apache Tomcat Improper Input Validation vulnerability | CVSS3: 5.3 | 1% Низкий | около 2 лет назад |
| GHSA-r6cf-cr44-m8rr Apache Tomcat Leaks Pathname Information via Error Message | 3% Низкий | больше 3 лет назад | |
| GHSA-r22m-cc5w-vgh3 ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator." | 1% Низкий | больше 3 лет назад | |
| GHSA-qvf5-hvjx-wm27 Apache Tomcat Request and/or response mix-up | CVSS3: 6.5 | 7% Низкий | около 1 года назад |
Уязвимостей на страницу