Max CVSS | 6.8 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-0714 | 6.5 |
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
CVE-2016-0706 | 4.0 |
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
CVE-2016-0763 | 6.5 |
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh
|
21-03-2019 - 15:59 | 25-02-2016 - 01:59 | |
CVE-2015-5346 | 6.8 |
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to
|
19-07-2018 - 01:29 | 25-02-2016 - 01:59 | |
CVE-2015-5351 | 6.8 |
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protec
|
19-07-2018 - 01:29 | 25-02-2016 - 01:59 |