Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 8.0 vulnerabilities and exploits

(subscribe to this query)

7.2
CVSSv2
CVE-2016-1240
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before...
Apache Tomcat 6.0Apache Tomcat 7.0Apache Tomcat 8.0
5
CVSSv2
CVE-2016-8745
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple...
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 7.0.73Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.0.39Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 9.0.0
6.5
CVSSv2
CVE-2016-0763
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote...
Debian Debian Linux 7.0Debian Debian Linux 8.0Apache Tomcat 7.0.0Apache Tomcat 7.0.2Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.37Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.47Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.59Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.67Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.3Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 9.0.0Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2017-7674
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances....
Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 7.0.73Apache Tomcat 7.0.74Apache Tomcat 7.0.75Apache Tomcat 7.0.76Apache Tomcat 7.0.77Apache Tomcat 7.0.78Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.0.39Apache Tomcat 8.0.40Apache Tomcat 8.0.41Apache Tomcat 8.0.42Apache Tomcat 8.0.43Apache Tomcat 8.0.44Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.11Apache Tomcat 8.5.12Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.15Apache Tomcat 9.0.0
6.5
CVSSv2
CVE-2016-0714
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary...
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.4Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.16Apache Tomcat 6.0.18Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.39Apache Tomcat 6.0.41Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 7.0.0Apache Tomcat 7.0.2Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.37Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.47Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.59Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.67Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.3Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 9.0.0Debian Debian Linux 7.0Debian Debian Linux 8.0Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 16.04
6.8
CVSSv2
CVE-2015-5346
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by...
Apache Tomcat 7.0.0Apache Tomcat 7.0.2Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.37Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.47Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.59Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.3Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 9.0.0Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 16.04Debian Debian Linux 7.0Debian Debian Linux 8.0
5
CVSSv2
CVE-2015-5345
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that...
Debian Debian Linux 7.0Debian Debian Linux 8.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.4Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.16Apache Tomcat 6.0.18Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.39Apache Tomcat 6.0.41Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 7.0.0Apache Tomcat 7.0.2Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.37Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.47Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.59Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.3Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 9.0.0Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 16.04
5
CVSSv2
CVE-2016-6797
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application....
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0
7.8
CVSSv2
CVE-2016-3092
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long...
Hp Icewall Identity Manager 5.0Hp Icewall Sso Agent Option 10.0Apache Tomcat 9.0.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.3Apache Tomcat 8.0.5Apache Tomcat 8.0.8Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.35Debian Debian Linux 8.0Apache Tomcat 8.5.0Apache Tomcat 8.5.2Apache Commons FileuploadCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 16.04Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.8Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.37Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.47Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.59Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69
4
CVSSv2
CVE-2015-5174
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a...
Debian Debian Linux 7.0Debian Debian Linux 8.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.4Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.16Apache Tomcat 6.0.18Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.39Apache Tomcat 6.0.41Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 7.0.0Apache Tomcat 7.0.2Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.37Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.47Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.59Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.26Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 16.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IDORCVE-2021-25336CVE-2020-35489internmentCVE-2021-21978CVE-2021-26293CVE-2021-26965CVE-2020-29032XML injectioninternment projectencryptiontoodeetruetype