Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
apache tomcat 9.0.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
2 Github repositories available
5
CVSSv2
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
11 Github repositories available
5
CVSSv2
CVE-2017-15706
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was...
Apache Tomcat 9.0.0
Apache Tomcat
Apache Tomcat 9.0.1
5
CVSSv2
CVE-2019-10072
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause...
Apache Tomcat
Apache Tomcat 9.0.0
4 Github repositories available
3 Articles available
9.3
CVSSv2
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet...
Apache Tomcat
Apache Tomcat 9.0.0
1 EDB exploit available
1 Metasploit module available
22 Github repositories available
1 Article available
5
CVSSv2
CVE-2019-0199
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that...
Apache Tomcat 9.0.0
Apache Tomcat
3 Github repositories available
4.3
CVSSv2
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be...
Apache Tomcat 9.0.0
Apache Tomcat
6 Github repositories available
5
CVSSv2
CVE-2016-8747
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request....
Apache Tomcat 9.0.0
Apache Tomcat 8.5.8
Apache Tomcat 8.5.9
Apache Tomcat 8.5.7
5
CVSSv2
CVE-2016-6817
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible....
Apache Tomcat 8.5.3
Apache Tomcat 8.5.4
Apache Tomcat 9.0.0
Apache Tomcat 8.5.0
Apache Tomcat 8.5.5
Apache Tomcat 8.5.6
Apache Tomcat 8.5.1
Apache Tomcat 8.5.2
3 Github repositories available
5
CVSSv2
CVE-2020-17527
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat 9.0.36
Apache Tomcat 9.0.37
Apache Tomcat 9.0.38
Apache Tomcat 9.0.39
Apache Tomcat 9.0.35-3.39.1
Apache Tomcat 9.0.35-3.57.3
3 Github repositories available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-33739
CVE-2020-12915
server-side request forgery
wireless
CVE-2009-4289
CVE-2017-5772
CVE-2020-12916
spoof
CVE-2021-26868
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »
Vulmon