Count: 1 143

Vulnerability | CVSS | EPSS | Published
---|---|---|---
RLSA-2024:5693 Important: tomcat security update | n/a | 18% (Medium) | 11 months ago
GHSA-wm9w-rjj3-j356 Apache Tomcat - Denial of Service | CVSS3: 7.5 | 18% (Medium) | about 1 year ago
GHSA-v646-rx6w-r3qq Improper Access Control in Apache Tomcat | CVSS3: 8.1 | 66% (Medium) | over 3 years ago
GHSA-r84p-88g2-2vx2 Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption | CVSS3: 7.5 | 65% (Medium) | over 3 years ago
GHSA-qhqv-q4xg-f6g7 Apache Tomcat AJP Connector Information Leak | n/a | 3% (Low) | over 3 years ago
GHSA-pxcx-cxq8-4mmw Uncontrolled Resource Consumption in Apache Tomcat | n/a | 6% (Low) | over 3 years ago
GHSA-pqr5-9v2j-44xg Apache Tomcat DoS via Malicious Get Request | n/a | 21% (Medium) | over 3 years ago
GHSA-h3ch-5pp2-vh6w Improper socket reuse in Apache Tomcat | CVSS3: 8.6 | 0% (Low) | over 3 years ago
GHSA-g7cf-wg27-qw87 Jenkins secure flag not set on session cookies | CVSS3: 5.3 | 0% (Low) | about 3 years ago
GHSA-cx6h-86xw-9x34 Apache Tomcat - Fix for CVE-2023-24998 was incomplete | CVSS3: 7.5 | 0% (Low) | about 2 years ago
GHSA-c7fc-mp9g-99j3 The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | CVSS3: 7.8 | 14% (Medium) | over 3 years ago
GHSA-7mg3-pr99-8rh7 native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | n/a | 9% (Low) | over 3 years ago
GHSA-7jqf-v358-p8g7 Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability | CVSS3: 8.6 | 1% (Low) | 9 months ago
GHSA-7f6w-fhmr-j8hq Jenkins HttpOnly flag not set for session cookies | CVSS3: 5.3 | 0% (Low) | about 3 years ago
GHSA-59g9-7gfx-c72p Infinite loop in Tomcat due to parsing error | CVSS3: 7.5 | 0% (Low) | almost 4 years ago
GHSA-4prh-gqw8-rgh5 Apache Tomcat Directory Traversal | n/a | 86% (High) | over 3 years ago
GHSA-46j3-r4pj-4835 The host name verification missing in Apache Tomcat | CVSS3: 7.5 | 13% (Medium) | almost 7 years ago
GHSA-3v4j-mhgf-pf6w The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. | n/a | 6% (Low) | over 3 years ago
GHSA-2rvv-w9r2-rg7m Information Disclosure in Apache Tomcat | CVSS3: 5.9 | 57% (Medium) | over 4 years ago
CVE-2024-38286 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. | CVSS3: 8.6 | 1% (Low) | 9 months ago