Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-3427 | 10.0 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
|
09-10-2024 - 14:41 | 21-04-2016 - 11:00 | |
CVE-2016-8735 | 7.5 |
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because
|
27-06-2024 - 19:23 | 06-04-2017 - 21:59 | |
CVE-2013-1571 | 4.3 |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2016-5018 | 6.4 |
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applica
|
18-04-2022 - 17:57 | 10-08-2017 - 16:29 | |
CVE-2016-0762 | 4.3 |
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attac
|
18-04-2022 - 17:57 | 10-08-2017 - 16:29 | |
CVE-2016-6797 | 5.0 |
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked
|
18-04-2022 - 17:56 | 10-08-2017 - 22:29 | |
CVE-2016-6796 | 5.0 |
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for t
|
18-04-2022 - 17:56 | 11-08-2017 - 02:29 | |
CVE-2016-6794 | 5.0 |
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the
|
18-04-2022 - 17:56 | 10-08-2017 - 16:29 | |
CVE-2016-6816 | 6.8 |
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also
|
05-10-2020 - 22:15 | 20-03-2017 - 18:59 | |
CVE-2017-5647 | 5.0 |
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file pr
|
15-04-2019 - 16:31 | 17-04-2017 - 16:59 | |
CVE-2016-8745 | 5.0 |
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the
|
15-04-2019 - 16:30 | 10-08-2017 - 22:29 | |
CVE-2014-7810 | 5.0 |
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker
|
15-04-2019 - 16:30 | 07-06-2015 - 23:59 | |
CVE-2015-5345 | 5.0 |
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence o
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
CVE-2015-5174 | 4.0 |
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
CVE-2016-0714 | 6.5 |
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
CVE-2014-0230 | 7.8 |
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (
|
15-04-2019 - 16:30 | 07-06-2015 - 23:59 | |
CVE-2016-0706 | 4.0 |
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
CVE-2013-4590 | 4.3 |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML d
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2013-4286 | 5.8 |
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identifi
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2013-4322 | 4.3 |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2012-3544 | 5.0 |
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
|
15-04-2019 - 16:29 | 01-06-2013 - 14:21 | |
CVE-2013-2067 | 6.8 |
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions,
|
15-04-2019 - 16:29 | 01-06-2013 - 14:21 | |
CVE-2014-0227 | 6.4 |
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote atta
|
15-04-2019 - 16:29 | 16-02-2015 - 00:59 | |
CVE-2014-0099 | 4.3 |
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a craf
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2014-0096 | 4.3 |
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2005-2090 | 4.3 |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header
|
15-04-2019 - 16:29 | 05-07-2005 - 04:00 | |
CVE-2014-0033 | 4.3 |
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a cra
|
15-04-2019 - 16:29 | 26-02-2014 - 14:55 | |
CVE-2014-0119 | 4.3 |
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web a
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2014-0075 | 5.0 |
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 |