Max CVSS 7.2 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-5388 5.1
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh
13-08-2019 - 22:15 19-07-2016 - 02:00
CVE-2014-7810 5.0
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker
15-04-2019 - 16:30 07-06-2015 - 23:59
CVE-2015-5346 6.8
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to
19-07-2018 - 01:29 25-02-2016 - 01:59
CVE-2016-6325 7.2
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging me
05-01-2018 - 02:31 13-10-2016 - 14:59
CVE-2016-5425 7.2
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging me
03-09-2017 - 01:29 13-10-2016 - 14:59
Back to Top Mark selected
Back to Top