Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 8.5.1 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These wait...
Apache Tomcat 8.5.2Apache Tomcat 8.5.9Apache Tomcat 8.5.4Apache Tomcat 8.5.0Apache Tomcat 8.5.10Apache Tomcat 8.5.5Apache Tomcat 8.5.3Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.12Apache Tomcat 8.5.11Apache Tomcat 8.5.1Apache Tomcat 9.0.0
9.8
CVSSv3
CVE-2017-5651
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This ...
Apache Tomcat 8.5.2Apache Tomcat 8.5.9Apache Tomcat 8.5.4Apache Tomcat 8.5.0Apache Tomcat 8.5.10Apache Tomcat 8.5.5Apache Tomcat 8.5.3Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.12Apache Tomcat 8.5.11Apache Tomcat 8.5.1Apache Tomcat 9.0.0
7.5
CVSSv3
CVE-2017-7675
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
Apache Tomcat 8.5.2Apache Tomcat 8.5.9Apache Tomcat 8.5.4Apache Tomcat 8.5.0Apache Tomcat 8.5.15Apache Tomcat 8.5.10Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.5Apache Tomcat 8.5.3Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.12Apache Tomcat 8.5.11Apache Tomcat 8.5.1Apache Tomcat 9.0.0
7.5
CVSSv3
CVE-2017-5664
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error pag...
Apache Tomcat 7.0.2Apache Tomcat 7.0.49Apache Tomcat 7.0.12Apache Tomcat 7.0.62Apache Tomcat 7.0.20Apache Tomcat 7.0.34Apache Tomcat 7.0.58Apache Tomcat 7.0.8Apache Tomcat 7.0.55Apache Tomcat 7.0.1Apache Tomcat 7.0.5Apache Tomcat 7.0.51Apache Tomcat 7.0.4Apache Tomcat 7.0.63Apache Tomcat 7.0.22Apache Tomcat 7.0.39Apache Tomcat 7.0.26Apache Tomcat 7.0.46Apache Tomcat 7.0.72Apache Tomcat 7.0.76Apache Tomcat 7.0.71Apache Tomcat 7.0.28
4.3
CVSSv3
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that co...
Apache Tomcat 8.5.2Apache Tomcat 8.5.9Apache Tomcat 8.5.4Apache Tomcat 8.5.0Apache Tomcat 8.5.15Apache Tomcat 8.5.10Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.5Apache Tomcat 8.5.3Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.12Apache Tomcat 8.5.11Apache Tomcat 8.5.1Apache Tomcat 8.5.16Apache Tomcat 8.5.17Apache Tomcat 8.5.18Apache Tomcat 8.5.19Apache Tomcat 8.5.20Apache Tomcat 8.5.21
8.1
CVSSv3
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a...
Apache Tomcat 7.0.2Apache Tomcat 8.0.4Apache Tomcat 8.0.10Apache Tomcat 7.0.49Apache Tomcat 8.0.30Apache Tomcat 8.0.44Apache Tomcat 7.0.12Apache Tomcat 7.0.62Apache Tomcat 8.0.17Apache Tomcat 7.0.20Apache Tomcat 8.0.7Apache Tomcat 7.0.34Apache Tomcat 8.0.26Apache Tomcat 7.0.58Apache Tomcat 8.5.2Apache Tomcat 7.0.8Apache Tomcat 7.0.55Apache Tomcat 8.5.9Apache Tomcat 8.5.4Apache Tomcat 7.0.1Apache Tomcat 7.0.5Apache Tomcat 8.0.40
7.5
CVSSv3
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial ...
Apache Tomcat 9.0.0Apache Tomcat 10.0.0Apache TomcatDebian Debian Linux 9.0Debian Debian Linux 10.0Netapp Oncommand System ManagerOpensuse Leap 15.1Opensuse Leap 15.2Canonical Ubuntu Linux 20.04Oracle Managed File Transfer 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Agile Plm 9.3.3Oracle Agile Plm 9.3.5Oracle Agile Plm 9.3.6Oracle Workload Manager 18cOracle Workload Manager 19cOracle Workload Manager 12.2.0.1Oracle Agile Engineering Data Management 6.2.1.0Oracle Siebel Ui FrameworkOracle Mysql Enterprise Monitor
7.5
CVSSv3
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea...
Apache Tomcat 9.0.0Apache Tomcat 10.0.0Apache TomcatDebian Debian Linux 9.0Debian Debian Linux 10.0Netapp Oncommand System ManagerOpensuse Leap 15.1Opensuse Leap 15.2Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 16.04Mcafee Epolicy Orchestrator 5.9.0Mcafee Epolicy Orchestrator 5.9.1Mcafee Epolicy Orchestrator 5.10.0Oracle Managed File Transfer 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Agile Plm 9.3.3Oracle Agile Plm 9.3.5Oracle Agile Plm 9.3.6Oracle Workload Manager 18cOracle Workload Manager 19c
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook