Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 11.0.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha...
NA
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 up to and including 11.0.0-M16, from 10.1.0...
7.5
CVSSv3
CVE-2023-46589
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 up to and including 11.0.0-M10, from 10.1.0-M1 up to and including 10.1.15, from 9.0.0-M1 up to and including 9.0.82 and from 8.5.0 up to and including 8.5.95 did not correctly parse HTTP trailer heade...
Apache Tomcat 11.0.0
Apache Tomcat
5.3
CVSSv3
CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 up to and including 11.0.0-M11, from 10.1.0-M1 up to and including 10.1.13, from 9.0.0-M1 up to and including 9.0.81 and from 8.5.0 up to and including 8.5.93 did not correctly parse HTTP trailer heade...
Apache Tomcat 9.0.0
Apache Tomcat 10.1.0
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
5.3
CVSSv3
CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 up to and including 11.0.0-M11, from 10.1.0-M1 up to and including 10.1.13, from 9.0.0-M1 up to and including 9.0.80 and from 8.5.0 up to and including 8.5.93...
Apache Tomcat 9.0.0
Apache Tomcat 10.1.0
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
6.1
CVSSv3
CVE-2023-41080
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 up to and including 11.0.0-M10, from 10.1.0-M1 up to and including 10.0.12, from 9.0.0-M1 up to and including ...
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would ...
Apache Tomcat 10.1.8
Apache Tomcat 9.0.74
Apache Tomcat 8.5.88
Apache Tomcat 11.0.0
7.5
CVSSv3
CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a reque...
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 12.0
Netapp 7-mode Transition Tool -
4.3
CVSSv3
CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not includ...
Apache Tomcat 11.0.0
Apache Tomcat
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »