Max CVSS | 7.5 | Min CVSS | 4.4 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-1938 | 7.5 |
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
|
24-07-2024 - 14:23 | 24-02-2020 - 22:15 | |
CVE-2019-17563 | 5.1 |
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p
|
07-10-2022 - 13:39 | 23-12-2019 - 17:15 | |
CVE-2019-17569 | 5.8 |
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of H
|
02-09-2022 - 15:30 | 24-02-2020 - 22:15 | |
CVE-2019-12418 | 4.4 |
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perf
|
18-04-2022 - 15:47 | 23-12-2019 - 18:15 | |
CVE-2019-10072 | 5.0 |
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) cl
|
14-06-2021 - 18:15 | 21-06-2019 - 18:15 | |
CVE-2020-1935 | 5.8 |
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug
|
04-05-2021 - 19:19 | 24-02-2020 - 22:15 |