|Max CVSS||5.0||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
|15-04-2020 - 21:15||02-08-2018 - 14:29|
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
|14-05-2019 - 17:29||01-08-2018 - 18:29|
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
|15-04-2019 - 16:31||02-08-2018 - 14:29|