|
61
|
7.8
7.2
|
HIGH
Local
|
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux En…
|
-
|
CVE-2020-8022
|
cpe:2.3:a:apache:tomcat:*:*
|
|
|
|
8.0.53-29.32.1 8.0.53-29.32.1 8.0.53-29.32.1 8.0.53-29.32.1 8.0.53-29.32.1 8.0.53-29.32.1 8.0.53-29.3…
|
2024-11-21 14:38
2020-06-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
7.5
5.0
|
HIGH
Network
|
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient …
|
NVD-CWE-noinfo
|
CVE-2020-11996
|
cpe:2.3:a:apache:tomcat:9.0.0:milestone9 cpe:2.3:a:apache:tomcat:9.0.0:milestone8 cpe:2.3:a:apache:tomcat:9.0.0:m…
|
9.0.0 8.5.0
|
9.0.35 8.5.55
|
|
|
2024-11-21 13:59
2020-06-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
7.0
4.4
|
HIGH
Local
|
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-9484
|
cpe:2.3:a:apache:tomcat:9.0.0:milestone9 cpe:2.3:a:apache:tomcat:9.0.0:milestone8 cpe:2.3:a:apache:tomcat:9.0.0:m…
|
7.0.0 8.5.0 9.0.1
|
|
|
7.0.108 8.5.63 9.0.43
|
2024-11-21 14:40
2020-05-21
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
9.8
7.5
|
CRITICAL
Network
|
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar H…
|
NVD-CWE-Other
|
CVE-2020-1938
|
cpe:2.3:a:apache:tomcat:*:*
|
7.0.0 8.5.0 9.0.0
|
7.0.99 8.5.50 9.0.30
|
|
|
2024-11-21 14:11
2020-02-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
4.8
5.8
|
MEDIUM
Network
|
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va…
|
CWE-444
HTTP Request Smuggling
|
CVE-2020-1935
|
cpe:2.3:a:apache:tomcat:9.0.0:milestone9 cpe:2.3:a:apache:tomcat:9.0.0:milestone8 cpe:2.3:a:apache:tomcat:9.0.0:m…
|
7.0.0 8.5.0 9.0.0
|
7.0.99 8.5.50 9.0.30
|
|
|
2024-11-21 14:11
2020-02-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
4.8
5.8
|
MEDIUM
Network
|
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were …
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-17569
|
cpe:2.3:a:apache:tomcat:*:*
|
8.5.48 7.0.98 9.0.28
|
8.5.50 7.0.99 9.0.30
|
|
|
2024-11-21 13:32
2020-02-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
7.0
4.4
|
HIGH
Local
|
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration f…
|
NVD-CWE-noinfo
|
CVE-2019-12418
|
cpe:2.3:a:apache:tomcat:*:*
|
7.0.0 8.5.0 9.0.0
|
7.0.97 8.5.47 9.0.28
|
|
|
2024-11-21 13:22
2019-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
7.5
5.1
|
HIGH
Network
|
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The wind…
|
CWE-384
Session Fixation
|
CVE-2019-17563
|
cpe:2.3:a:apache:tomcat:*:*
|
7.0.0 8.5.0 9.0.0
|
7.0.98 8.5.49 9.0.29
|
|
|
2024-11-21 13:32
2019-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
7.5
5.0
|
HIGH
Network
|
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDA…
|
CWE-667
Improper Locking
|
CVE-2019-10072
|
cpe:2.3:a:apache:tomcat:9.0.0:milestone9 cpe:2.3:a:apache:tomcat:9.0.0:milestone8 cpe:2.3:a:apache:tomcat:9.0.0:m…
|
8.5.0 9.0.1
|
8.5.40 9.0.19
|
|
|
2024-11-21 13:18
2019-06-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
6.1
4.3
|
MEDIUM
Network
|
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by…
|
CWE-79
Cross-site Scripting
|
CVE-2019-0221
|
cpe:2.3:a:apache:tomcat:9.0.0:milestone9 cpe:2.3:a:apache:tomcat:9.0.0:milestone8 cpe:2.3:a:apache:tomcat:9.0.0:m…
|
9.0.1 8.5.0 7.0.0
|
9.0.17 8.5.39 7.0.93
|
|
|
2024-11-21 13:16
2019-05-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|