Latest Apache Tomcat Vulnerabilities

Apache Tomcat: Leaking of unrelated request bodies in default error page
Apache Tomcat>=8.5.7<8.5.64
Apache Tomcat>=9.0.1<9.0.44
Apache Tomcat=9.0.0-milestone11
Apache Tomcat=9.0.0-milestone12
Apache Tomcat=9.0.0-milestone13
Apache Tomcat=9.0.0-milestone14
and 17 more
Apache Tomcat: HTTP request smuggling via malformed trailer headers
Apache Tomcat>=8.5.0<8.5.96
Apache Tomcat>=9.0.0<9.0.83
Apache Tomcat>=10.1.0<10.1.16
Apache Tomcat=11.0.0-milestone1
Apache Tomcat=11.0.0-milestone10
Apache Tomcat=11.0.0-milestone2
and 16 more
Apache Tomcat: Trailer header parsing too lenient
Apache Tomcat>=8.5.0<8.5.94
Apache Tomcat>=9.0.1<9.0.81
Apache Tomcat>=10.1.1<10.1.14
Apache Tomcat=9.0.0-milestone1
Apache Tomcat=9.0.0-milestone10
Apache Tomcat=9.0.0-milestone11
and 74 more
Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
Apache Tomcat>=8.5.85<8.5.94
Apache Tomcat>=9.0.70<9.0.81
maven/org.apache.tomcat:tomcat>=8.5.85<8.5.94
maven/org.apache.tomcat:tomcat>=9.0.70<9.0.81
redhat/tomcat<9.0.81
redhat/tomcat<8.5.94
Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
Apache Tomcat>=8.5.0<8.5.94
Apache Tomcat>=9.0.1<9.0.81
Apache Tomcat>=10.1.1<10.1.14
Apache Tomcat=9.0.0-milestone1
Apache Tomcat=9.0.0-milestone10
Apache Tomcat=9.0.0-milestone11
and 74 more
Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
and 555 more
Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication feature. An attacker could exploit this vulnerability using...
Apache Tomcat>=8.5.0<=8.5.92
Apache Tomcat>=9.0.0<=9.0.79
Apache Tomcat>=10.1.0<=10.1.12
Apache Tomcat=11.0.0-milestone1
Apache Tomcat=11.0.0-milestone10
Apache Tomcat=11.0.0-milestone2
and 25 more
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the...
Apache Tomcat=8.5.88
Apache Tomcat=9.0.74
Apache Tomcat=10.1.8
Apache Tomcat=11.0.0-milestone5
IBM QRadar SIEM<=7.5.0 - 7.5.0 UP6
maven/org.apache.tomcat:tomcat-coyote=8.5.88
and 3 more
Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix for CVE-2023-24998 related to the failure to limit the number of request parts to be processed in the file upload functi...
Apache Tomcat>=8.5.85<=8.5.87
Apache Tomcat>=9.0.71<=9.0.73
Apache Tomcat>=10.1.5<=10.1.7
Apache Tomcat=11.0.0-milestone2
Apache Tomcat=11.0.0-milestone3
Apache Tomcat=11.0.0-milestone4
and 13 more
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a missing secure attribute in some configurations for the JSESSIONID cookie when using the RemoteIpFilter. By sn...
Apache Tomcat>=8.5.0<8.5.86
Apache Tomcat>9.0.0<9.0.72
Apache Tomcat>10.1.0<10.1.6
Apache Tomcat=11.0.0-milestone1
Apache Tomcat=11.0.0-milestone2
IBM Watson Knowledge Catalog on-prem<=4.x
and 4 more
The `JsonErrorReportValve` in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the `type`, `message` or `description` values. In some circumstances these are constructed ...
Apache Tomcat>=9.0.40<9.0.69
Apache Tomcat=8.5.83
Apache Tomcat=10.1.0-milestone1
Apache Tomcat=10.1.0-milestone10
Apache Tomcat=10.1.0-milestone11
Apache Tomcat=10.1.0-milestone12
and 23 more
Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting ...
Apache Tomcat>=8.5.0<8.5.83
Apache Tomcat>=9.0.0<9.0.68
Apache Tomcat>=10.0.0<10.0.27
Apache Tomcat>=10.1.0<10.1.1
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
and 11 more
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes. By sending a spec...
debian/tomcat9<=9.0.31-1~deb10u6
Apache Tomcat>=8.5.0<=8.5.77
Apache Tomcat>=9.0.0<=9.0.60
Apache Tomcat>=10.0.0<=10.0.18
Apache Tomcat=10.1.0-milestone1
Apache Tomcat=10.1.0-milestone10
and 18 more
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data witho...
Apache Tomcat>=8.5.50<=8.5.81
Apache Tomcat>=9.0.30<=9.0.64
Apache Tomcat>=10.0.0<=10.0.22
Apache Tomcat=10.1.0-milestone1
Apache Tomcat=10.1.0-milestone10
Apache Tomcat=10.1.0-milestone11
and 13 more
Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sending a specially-crafted WebSocket message concurrently wi...
Apache Tomcat>=8.5.0<8.5.76
Apache Tomcat>=9.0.0<9.0.21
Oracle Agile PLM=9.3.6
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Apache Tomcat is vulnerable to a denial of service, caused by a use-after-free flaw in the EncryptInterceptor in an untrusted network. By sending a specially-crafted request, a remote attacker could e...
debian/tomcat9<=9.0.31-1~deb10u6
Apache Tomcat>=8.5.38<=8.5.78
Apache Tomcat>=9.0.13<=9.0.62
Apache Tomcat>=10.0.0<=10.0.20
Apache Tomcat=10.1.0-milestone1
Apache Tomcat=10.1.0-milestone10
and 19 more
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed ...
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el7
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el8
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el9
debian/tomcat9<=9.0.31-1~deb10u6
Apache Tomcat>=8.5.55<=8.5.73
Apache Tomcat>=9.0.35<=9.0.56
and 24 more
Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploi...
redhat/pki-servlet-engine<1:9.0.50-1.el9
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
and 47 more
Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to...
redhat/jws5-tomcat<0:9.0.43-13.redhat_00013.1.el7
redhat/jws5-tomcat<0:9.0.43-13.redhat_00013.1.el8
ubuntu/tomcat9<9.0.16-3ubuntu0.18.04.2
ubuntu/tomcat9<9.0.31-1ubuntu0.2
redhat/tomcat<10.0.4
redhat/tomcat<9.0.44
and 17 more
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the er...
debian/tomcat9
IBM DRM<=2.0.6
Apache Tomcat=8.5.64
Apache Tomcat=9.0.44
Apache Tomcat=10.0.3
Apache Tomcat=10.0.4
and 13 more
Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request using various user n...
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el8
and 20 more
Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially-crafted HTTP(S) transfer-encoding request header,...
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el8
and 91 more
A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meanin...
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el7
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el7
redhat/jws5-tomcat-native<0:1.2.26-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-2.Final_redhat_00003.1.el7
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el8
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el8
and 65 more
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely...
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el7
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el7
redhat/jws5-tomcat-native<0:1.2.26-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-2.Final_redhat_00003.1.el7
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el8
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el8
and 69 more
A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some c...
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el7
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el7
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el8
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el8
Apache Tomcat>=7.0.0<=7.0.106
Apache Tomcat>=8.5.0<=8.5.59
and 47 more
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connecti...
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el7
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el7
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el8
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el8
redhat/tomcat<10.0.0
redhat/tomcat<9.0.40
and 65 more
A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent...
maven/org.apache.tomcat:tomcat-coyote>=8.5.0<=8.5.57
maven/org.apache.tomcat:tomcat-coyote>=9.0.0-M1<=9.0.37
maven/org.apache.tomcat:tomcat-coyote>=10.0.0-M1<=10.0.0-M7
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el7
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el7
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el8
and 139 more
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could tr...
redhat/tomcat<0:7.0.76-15.el7
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el5
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-bundles<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 220 more
A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryEx...
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el6
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el7
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el8
redhat/tomcat<10.0.0
redhat/tomcat<9.0.37
redhat/tomcat<8.5.57
and 58 more
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Ent...
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM<=7.3.3 GA - 7.3.3 FP10
Apache Tomcat<8.0.53-29.32.1
SUSE Enterprise Storage=5.0
SUSE Linux Enterprise Server=12-sp2
and 14 more
A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could b...
redhat/jws5-jboss-logging<0:3.4.1-1.Final_redhat_00001.1.el6
redhat/jws5-tomcat<0:9.0.36-6.redhat_5.2.el6
redhat/jws5-tomcat-native<0:1.2.25-2.redhat_2.el6
redhat/jws5-jboss-logging<0:3.4.1-1.Final_redhat_00001.1.el7
redhat/jws5-tomcat<0:9.0.36-6.redhat_5.2.el7
redhat/jws5-tomcat-native<0:1.2.25-2.redhat_2.el7
and 60 more
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; a...
redhat/tomcat6<0:6.0.24-115.el6_10
redhat/tomcat<0:7.0.76-12.el7_8
redhat/tomcat7<0:7.0.70-40.ep7.el6
redhat/tomcat8<0:8.0.36-44.ep7.el6
redhat/tomcat-native<0:1.2.23-22.redhat_22.ep7.el6
redhat/tomcat7<0:7.0.70-40.ep7.el7
and 99 more
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vuln...
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el6
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el6
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el7
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el7
redhat/jws5-tomcat<0:9.0.30-3.redhat_4.1.el8
redhat/jws5-tomcat-native<0:1.2.23-4.redhat_4.el8
and 30 more
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vuln...
redhat/tomcat<0:7.0.76-16.el7_9
redhat/tomcat<0:7.0.76-11.el7_6
redhat/tomcat<0:7.0.76-12.el7_7
redhat/tomcat7<0:7.0.70-41.ep7.el6
redhat/tomcat8<0:8.0.36-45.ep7.el6
redhat/tomcat7<0:7.0.70-41.ep7.el7
and 75 more
Apache Tomcat Improper Privilege Management Vulnerability
redhat/tomcat6<0:6.0.24-114.el6_10
redhat/tomcat<0:7.0.76-11.el7_7
redhat/tomcat<0:7.0.76-10.el7_6
redhat/jbossweb<0:7.5.30-2.Final_redhat_2.1.ep6.el5
redhat/glassfish-jsf12-eap6<0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5
redhat/hornetq<0:2.3.25-29.SP31_redhat_00001.1.ep6.el5
and 265 more
Apache Tomcat could allow a local attacker to hijack a user's session. By using the FORM authentication function, an attacker could exploit this vulnerability to gain access to another user's ...
redhat/tomcat<0:7.0.76-15.el7
redhat/tomcat<0:7.0.76-11.el7_6
redhat/tomcat<0:7.0.76-12.el7_7
redhat/tomcat7<0:7.0.70-38.ep7.el6
redhat/tomcat8<0:8.0.36-42.ep7.el6
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el6
and 30 more
Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by a flaw when configured with the JMX Remote Lifecycle Listener. By using man-in-the-middle attack techniq...
redhat/tomcat7<0:7.0.70-38.ep7.el6
redhat/tomcat8<0:8.0.36-42.ep7.el6
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el6
redhat/tomcat7<0:7.0.70-38.ep7.el7
redhat/tomcat8<0:8.0.36-42.ep7.el7
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el7
and 23 more
Apache Tomcat is vulnerable to a denial of service, caused by HTTP/2 connection window exhaustion on write. By failing to send WINDOW_UPDATE messages, a remote attacker could exploit this vulnerabilit...
redhat/jws5-ecj<0:4.12.0-1.redhat_1.1.el6
redhat/jws5-javapackages-tools<0:3.4.1-5.15.11.el6
redhat/jws5-jboss-logging<0:3.3.2-1.Final_redhat_00001.1.el6
redhat/jws5-tomcat<0:9.0.21-10.redhat_4.1.el6
redhat/jws5-tomcat-native<0:1.2.21-34.redhat_34.el6
redhat/jws5-tomcat-vault<0:1.1.8-1.Final_redhat_1.1.el6
and 80 more
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. ...
redhat/java<1.8.0-openjdk-1:1.8.0.212.b04-0.el6_10
redhat/java<1.7.0-openjdk-1:1.7.0.221-2.6.18.0.el6_10
redhat/java<1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el6_10
redhat/java<1.7.1-ibm-1:1.7.1.4.45-1jpp.1.el6_10
redhat/java<1.8.0-openjdk-1:1.8.0.212.b04-0.el7_6
redhat/java<11-openjdk-1:11.0.3.7-0.el7_6
and 88 more
Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute scr...
redhat/tomcat7<0:7.0.70-38.ep7.el6
redhat/tomcat8<0:8.0.36-42.ep7.el6
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el6
redhat/tomcat7<0:7.0.70-38.ep7.el7
redhat/tomcat8<0:8.0.36-42.ep7.el7
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el7
and 84 more
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bu...
maven/org.apache.tomcat.embed:tomcat-embed-core>=9.0.0.M1<9.0.17
maven/org.apache.tomcat.embed:tomcat-embed-core>=7.0.0<7.0.94
maven/org.apache.tomcat.embed:tomcat-embed-core>=8.0.0<8.5.40
IBM GDE<=3.0.0.2
Apache Tomcat>=7.0.0<=7.0.93
Apache Tomcat>=8.5.0<=8.5.39
and 106 more
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without rea...
maven/org.apache.tomcat.embed:tomcat-embed-core>=8.0.0<8.5.38
maven/org.apache.tomcat.embed:tomcat-embed-core>=9.0.0<9.0.16
IBM GDE<=3.0.0.2
Apache Tomcat>=8.5.0<=8.5.37
Apache Tomcat>=9.0.1<=9.0.14
Apache Tomcat=9.0.0-milestone1
and 60 more
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/fo...
Apache Tomcat>=7.0.23<=7.0.90
Apache Tomcat>=8.5.0<=8.5.33
Apache Tomcat>=9.0.1<=9.0.11
Apache Tomcat=9.0.0
Apache Tomcat=9.0.0-m1
Apache Tomcat=9.0.0-m10
and 87 more
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to...
Apache Tomcat>=7.0.28<=7.0.86
Apache Tomcat>=8.0.0<=8.0.51
Apache Tomcat>=8.5.0<=8.5.30
Apache Tomcat>=9.0.1<=9.0.7
Apache Tomcat=8.0.0-rc1
Apache Tomcat=8.0.0-rc10
and 81 more
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52,...
Apache Tomcat>=7.0.35<=7.0.88
Apache Tomcat>=8.0.0<=8.0.52
Apache Tomcat>=8.5.0<=8.5.31
Apache Tomcat>=9.0.1<=9.0.9
Apache Tomcat=8.0.0-rc1
Apache Tomcat=8.0.0-rc10
and 84 more
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for ...
redhat/jws5-tomcat<0:9.0.7-12.redhat_12.1.el6
redhat/jws5-tomcat<0:9.0.7-12.redhat_12.1.el7
debian/tomcat9
Apache Tomcat>=8.5.5<=8.5.31
Apache Tomcat>=9.0.1<=9.0.9
Apache Tomcat=9.0.0
and 67 more
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all orig...
redhat/tomcat<8.0.53
redhat/tomcat<8.5.32
redhat/tomcat<9.0.9
redhat/tomcat<7.0.89
maven/org.apache.tomcat.embed:tomcat-embed-core>=8.0.0RC1<8.0.53
maven/org.apache.tomcat.embed:tomcat-embed-core>=9.0.0.M1<=9.0.8
and 32 more

© 2024 SecAlerts Pty Ltd.