Количество 10
Количество 10
BDU:2024-10291
Уязвимость сервера приложений Apache Tomcat, связанная с непроверенным состоянием ошибки, позволяющая нарушителю обойти процесс аутентификации и вызвать отказ в обслуживании
ROS-20240203-05
Множественные уязвимости tomcat
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ...
SUSE-SU-2024:4106-1
Security update for tomcat
SUSE-SU-2024:4105-1
Security update for tomcat10
SUSE-SU-2024:4075-1
Security update for tomcat
GHSA-xcpr-7mr4-h4xq
Apache Tomcat - Authentication Bypass
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-10291 Уязвимость сервера приложений Apache Tomcat, связанная с непроверенным состоянием ошибки, позволяющая нарушителю обойти процесс аутентификации и вызвать отказ в обслуживании | CVSS3: 9.8 | 1% Низкий | 7 месяцев назад |
 | ROS-20240203-05 Множественные уязвимости tomcat | CVSS3: 9.8 | больше 1 года назад | |
 | CVE-2024-52316 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. | CVSS3: 9.8 | 1% Низкий | 7 месяцев назад |
 | CVE-2024-52316 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. | CVSS3: 7.4 | 1% Низкий | 7 месяцев назад |
 | CVE-2024-52316 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. | CVSS3: 9.8 | 1% Низкий | 7 месяцев назад |
| CVE-2024-52316 Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ... | CVSS3: 9.8 | 1% Низкий | 7 месяцев назад |
 | SUSE-SU-2024:4106-1 Security update for tomcat | 1% Низкий | 7 месяцев назад | |
| SUSE-SU-2024:4105-1 Security update for tomcat10 | 1% Низкий | 7 месяцев назад | |
| SUSE-SU-2024:4075-1 Security update for tomcat | 1% Низкий | 7 месяцев назад | |
| GHSA-xcpr-7mr4-h4xq Apache Tomcat - Authentication Bypass | CVSS3: 9.8 | 1% Низкий | 7 месяцев назад |
Уязвимостей на страницу