Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
apache tomcat 9.0.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-15706
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 9.0.1
5
CVSSv2
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
4 Github repositories available
5
CVSSv2
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
9 Github repositories available
5
CVSSv2
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
1 Github repository available
7.5
CVSSv2
CVE-2021-25329
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
4.3
CVSSv2
CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
5
CVSSv2
CVE-2021-25122
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
4.3
CVSSv2
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be...
Apache Tomcat
Apache Tomcat 9.0.0
3 Github repositories available
5
CVSSv2
CVE-2019-0199
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that...
Apache Tomcat
Apache Tomcat 9.0.0
2 Github repositories available
5
CVSSv2
CVE-2019-10072
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause...
Apache Tomcat
Apache Tomcat 9.0.0
3 Github repositories available
2 Articles available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IDOR
CVE-2021-25336
CVE-2020-35489
internment
CVE-2021-21978
CVE-2021-26293
CVE-2021-26965
CVE-2020-29032
XML injection
internment project
encryption
toodee
truetype
1
2
3
4
5
NEXT »