| Max CVSS | 5.1 | Min CVSS | 4.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-17563 | 5.1 |
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p
|
07-10-2022 - 13:39 | 23-12-2019 - 17:15 | |
| CVE-2019-12418 | 4.4 |
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perf
|
18-04-2022 - 15:47 | 23-12-2019 - 18:15 | |
| CVE-2019-10072 | 5.0 |
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) cl
|
14-06-2021 - 18:15 | 21-06-2019 - 18:15 |