apache tomcat 9.0.0 vulnerabilities and exploits
5.3
CVSSv3
CVE-2017-15706
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was...
Apache Tomcat 9.0.0
Apache Tomcat
Apache Tomcat 9.0.1
7.5
CVSSv3
CVE-2019-10072
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause...
Apache Tomcat
Apache Tomcat 9.0.0
5 Github repositories available
3 Articles available
8.1
CVSSv3
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet...
Apache Tomcat
Apache Tomcat 9.0.0
1 EDB exploit available
1 Metasploit module available
28 Github repositories available
1 Article available
6.1
CVSSv3
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be...
Apache Tomcat 9.0.0
Apache Tomcat
9 Github repositories available
7.5
CVSSv3
CVE-2019-0199
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that...
Apache Tomcat 9.0.0
Apache Tomcat
5 Github repositories available
7.5
CVSSv3
CVE-2016-8747
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request....
Apache Tomcat 9.0.0
Apache Tomcat 8.5.8
Apache Tomcat 8.5.9
Apache Tomcat 8.5.7
7.5
CVSSv3
CVE-2016-6817
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible....
Apache Tomcat 8.5.3
Apache Tomcat 8.5.4
Apache Tomcat 9.0.0
Apache Tomcat 8.5.0
Apache Tomcat 8.5.5
Apache Tomcat 8.5.6
Apache Tomcat 8.5.1
Apache Tomcat 8.5.2
3 Github repositories available
7.5
CVSSv3
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These...
Apache Tomcat 8.5.1
Apache Tomcat 8.5.2
Apache Tomcat 8.5.10
Apache Tomcat 8.5.11
Apache Tomcat 8.5.5
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.9
Apache Tomcat 8.5.3
Apache Tomcat 8.5.4
Apache Tomcat 8.5.12
Apache Tomcat 8.5.0
Apache Tomcat 9.0.0
1 Github repository available
7.5
CVSSv3
CVE-2017-7675
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL....
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.15
Apache Tomcat 9.0.0
Apache Tomcat 8.5.2
Apache Tomcat 8.5.3
Apache Tomcat 8.5.11
Apache Tomcat 8.5.12
Apache Tomcat 8.5.0
Apache Tomcat 8.5.1
Apache Tomcat 8.5.8
Apache Tomcat 8.5.9
Apache Tomcat 8.5.10
Apache Tomcat 8.5.4
Apache Tomcat 8.5.5
Apache Tomcat 8.5.13
Apache Tomcat 8.5.14
1 Github repository available
5.9
CVSSv3
CVE-2018-8037
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2...
Apache Tomcat 9.0.0
Apache Tomcat
Debian Debian Linux 9.0
5 Github repositories available