|
41
|
4.3
-
|
MEDIUM
Network
|
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to…
|
-
|
CVE-2023-28708
|
cpe:2.3:a:apache:tomcat:11.0.0:milestone2 cpe:2.3:a:apache:tomcat:11.0.0:milestone1 cpe:2.3:a:apache:tomcat:*:*
|
8.5.0
|
|
10.1.0 9.0.0
|
10.1.6 9.0.72 8.5.86
|
2024-11-21 16:55
2023-03-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
7.5
-
|
HIGH
Network
|
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from use…
|
-
|
CVE-2022-45143
|
cpe:2.3:a:apache:tomcat:8.5.83:* cpe:2.3:a:apache:tomcat:10.1.1:* cpe:2.3:a:apache:tomcat:10.1.0:milestone9 cp…
|
9.0.40
|
|
|
9.0.69
|
2024-11-21 16:28
2023-01-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
7.5
-
|
HIGH
Network
|
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default f…
|
-
|
CVE-2022-42252
|
cpe:2.3:a:apache:tomcat:*:*
|
10.1.0 10.0.0 9.0.0 8.5.0
|
|
|
10.1.1 10.0.27 9.0.68 8.5.83
|
2024-11-21 16:24
2022-11-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
3.7
-
|
LOW
Network
|
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in …
|
-
|
CVE-2021-43980
|
cpe:2.3:a:apache:tomcat:10.1.0:milestone9 cpe:2.3:a:apache:tomcat:10.1.0:milestone8 cpe:2.3:a:apache:tomcat:10.1.…
|
8.5.0 9.0.0 10.0.0
|
8.5.77 9.0.60 10.0.18
|
|
|
2024-11-21 15:30
2022-09-28
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
6.1
4.3
|
MEDIUM
Network
|
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data with…
|
CWE-79
Cross-site Scripting
|
CVE-2022-34305
|
cpe:2.3:a:apache:tomcat:10.1.0:milestone9 cpe:2.3:a:apache:tomcat:10.1.0:milestone8 cpe:2.3:a:apache:tomcat:10.1.…
|
9.0.30 8.5.50 10.0.0
|
9.0.64 8.5.81 10.0.22
|
|
|
2024-11-21 16:09
2022-06-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
8.6
7.5
|
HIGH
Network
|
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible tha…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2022-25762
|
cpe:2.3:a:apache:tomcat:*:*
|
9.0.0 8.5.0
|
|
|
9.0.21 8.5.76
|
2024-11-21 15:52
2022-05-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
7.5
5.0
|
HIGH
Network
|
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r…
|
-
|
CVE-2022-29885
|
cpe:2.3:a:apache:tomcat:10.1.0:milestone9 cpe:2.3:a:apache:tomcat:10.1.0:milestone8 cpe:2.3:a:apache:tomcat:10.1.…
|
10.0.0 9.0.13 8.5.38
|
10.0.20 9.0.62 8.5.78
|
|
|
2024-11-21 15:59
2022-05-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
7.0
3.7
|
HIGH
Local
|
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed…
|
-
|
CVE-2022-23181
|
cpe:2.3:a:apache:tomcat:10.1.0:milestone8 cpe:2.3:a:apache:tomcat:10.1.0:milestone7 cpe:2.3:a:apache:tomcat:10.1.…
|
8.5.55 9.0.35 10.0.1
|
8.5.73 9.0.56 10.0.14
|
|
|
2024-11-21 15:48
2022-01-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
7.5
5.0
|
HIGH
Network
|
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics f…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2021-42340
|
cpe:2.3:a:apache:tomcat:10.1.0:milestone5 cpe:2.3:a:apache:tomcat:10.1.0:milestone4 cpe:2.3:a:apache:tomcat:10.1.…
|
10.0.1 8.5.60 9.0.40
|
|
|
10.0.12 8.5.72 9.0.54
|
2024-11-21 15:27
2021-10-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
7.5
4.3
|
HIGH
Network
|
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a spec…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2021-41079
|
cpe:2.3:a:apache:tomcat:*:*
|
10.0.0 9.0.0 8.5.0
|
10.0.2
|
|
9.0.44 8.5.64
|
2024-11-21 15:25
2021-09-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|