Count: 1 262
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| SUSE-SU-2016:2229-1 Security update for tomcat6 | | 65% Medium | more than 9 years ago |
| RLSA-2024:5694 Important: tomcat security update | | 18% Medium | more than 1 year ago |
| RLSA-2024:5693 Important: tomcat security update | | 18% Medium | more than 1 year ago |
| GHSA-wm9w-rjj3-j356 Apache Tomcat - Denial of Service | CVSS3: 7.5 | 18% Medium | more than 1 year ago |
| GHSA-v646-rx6w-r3qq Improper Access Control in Apache Tomcat | CVSS3: 8.1 | 65% Medium | more than 3 years ago |
| GHSA-r84p-88g2-2vx2 Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption | CVSS3: 7.5 | 60% Medium | more than 3 years ago |
| GHSA-qhqv-q4xg-f6g7 Apache Tomcat AJP Connector Information Leak | | 3% Low | almost 4 years ago |
| GHSA-pxcx-cxq8-4mmw Uncontrolled Resource Consumption in Apache Tomcat | | 6% Low | more than 3 years ago |
| GHSA-pqr5-9v2j-44xg Apache Tomcat DoS via Malicious Get Request | | 23% Medium | almost 4 years ago |
| GHSA-h3ch-5pp2-vh6w Improper socket reuse in Apache Tomcat | CVSS3: 8.6 | 1% Low | more than 3 years ago |
| GHSA-g7cf-wg27-qw87 Jenkins secure flag not set on session cookies | CVSS3: 5.3 | 1% Low | more than 3 years ago |
| GHSA-cx6h-86xw-9x34 Apache Tomcat - Fix for CVE-2023-24998 was incomplete | CVSS3: 7.5 | 0% Low | more than 2 years ago |
| GHSA-c7fc-mp9g-99j3 The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | CVSS3: 7.8 | 14% Medium | more than 3 years ago |
| GHSA-7mg3-pr99-8rh7 native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | | 9% Low | more than 3 years ago |
| GHSA-7jqf-v358-p8g7 Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability | CVSS3: 8.6 | 0% Low | about 1 year ago |
| GHSA-7f6w-fhmr-j8hq Jenkins HttpOnly flag not Set for session cookies | CVSS3: 5.3 | 1% Low | more than 3 years ago |
| GHSA-59g9-7gfx-c72p Infinite loop in Tomcat due to parsing error | CVSS3: 7.5 | 0% Low | more than 4 years ago |
| GHSA-4prh-gqw8-rgh5 Apache Tomcat Directory Traversal | | 88% High | almost 4 years ago |
| GHSA-46j3-r4pj-4835 The host name verification missing in Apache Tomcat | CVSS3: 7.5 | 21% Medium | more than 7 years ago |
| GHSA-3v4j-mhgf-pf6w The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. | | 5% Low | more than 3 years ago |