| Max CVSS | 7.5 | Min CVSS | 4.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-1938 | 7.5 |
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
|
24-07-2024 - 14:23 | 24-02-2020 - 22:15 | |
| CVE-2019-17563 | 5.1 |
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p
|
07-10-2022 - 13:39 | 23-12-2019 - 17:15 | |
| CVE-2020-9484 | 4.4 |
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste
|
25-07-2022 - 18:15 | 20-05-2020 - 19:15 | |
| CVE-2020-1935 | 5.8 |
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug
|
04-05-2021 - 19:19 | 24-02-2020 - 22:15 |