Count: 26
Vulnerability | CVSS | EPSS | Published
---|---|---|---
ELSA-2020-4004: tomcat security and bug fix update (IMPORTANT) | | | almost 5 years ago
CVE-2019-17563: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. | CVSS3: 7.5 | 4% Low | more than 5 years ago
CVE-2020-13935: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | CVSS3: 7.5 | 92% Critical | about 5 years ago
GHSA-9xcj-c8cr-8c3c: In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack | CVSS3: 7.5 | 4% Low | more than 5 years ago
BDU:2020-01971: Vulnerability in the authentication form of the Apache Tomcat application server, related to a session fixation weakness, allowing an attacker to gain unauthorized access to confidential data, cause a denial of service, and affect data integrity | CVSS3: 9.8 | 4% Low | more than 5 years ago
GHSA-m7jv-hq7h-mq7c: Infinite Loop in Apache Tomcat | CVSS3: 7.5 | 92% Critical | more than 3 years ago
BDU:2020-04938: Vulnerability in the Apache Tomcat application server, related to a loop with an unreachable exit condition, allowing an attacker to cause a denial of service | CVSS3: 7.5 | 92% Critical | more than 4 years ago
openSUSE-SU-2020:1111-1: Security update for tomcat | | | almost 5 years ago
openSUSE-SU-2020:1102-1: Security update for tomcat | | | almost 5 years ago
SUSE-SU-2020:2611-1: Security update for tomcat | | | almost 5 years ago
SUSE-SU-2020:2047-1: Security update for tomcat | | | almost 5 years ago
SUSE-SU-2020:2046-1: Security update for tomcat | | | almost 5 years ago
SUSE-SU-2020:2045-1: Security update for tomcat | | | almost 5 years ago
SUSE-SU-2020:2037-1: Security update for tomcat | | | almost 5 years ago