| Max CVSS | 7.2 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-5425 | 7.2 |
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging me
|
12-02-2023 - 23:24 | 13-10-2016 - 14:59 | |
| CVE-2016-6325 | 7.2 |
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging me
|
12-02-2023 - 23:24 | 13-10-2016 - 14:59 | |
| CVE-2016-5388 | 5.1 |
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh
|
12-02-2023 - 23:23 | 19-07-2016 - 02:00 | |
| CVE-2014-7810 | 5.0 |
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker
|
15-04-2019 - 16:30 | 07-06-2015 - 23:59 | |
| CVE-2015-5346 | 6.8 |
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to
|
19-07-2018 - 01:29 | 25-02-2016 - 01:59 |