Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-8034 | 5.0 |
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
|
21-10-2024 - 16:35 | 01-08-2018 - 18:29 | |
CVE-2019-10247 | 5.0 |
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4
|
22-04-2022 - 20:09 | 22-04-2019 - 20:29 | |
CVE-2019-10241 | 4.3 |
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showi
|
22-04-2022 - 20:06 | 22-04-2019 - 20:29 | |
CVE-2019-0188 | 5.0 |
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
|
15-03-2021 - 18:25 | 28-05-2019 - 19:29 | |
CVE-2017-6056 | 5.0 |
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backportin
|
03-10-2019 - 00:03 | 17-02-2017 - 07:59 | |
CVE-2018-8014 | 7.5 |
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter
|
03-10-2019 - 00:03 | 16-05-2018 - 16:29 |