Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tomcat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2632
A Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an malicious user to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operation system via HT...
NA
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 up to and including 11.0.0-M16, from 10.1.0...
NA
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha...
NA
CVE-2023-5617
Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
NA
CVE-2024-21733
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 up to and including 8.5.63, from 9.0.0-M11 up to and including 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onw...
Apache Tomcat 9.0.0
Apache Tomcat
NA
CVE-2023-49694
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
Netgear Prosafe Network Management System
NA
CVE-2023-46589
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 up to and including 11.0.0-M10, from 10.1.0-M1 up to and including 10.1.15, from 9.0.0-M1 up to and including 9.0.82 and from 8.5.0 up to and including 8.5.95 did not correctly parse HTTP trailer heade...
Apache Tomcat 11.0.0
Apache Tomcat
NA
CVE-2023-47246
In SysAid On-Premise prior to 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Sysaid Sysaid On-premises
2 Github repositories
1 Article
NA
CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 up to and including 11.0.0-M11, from 10.1.0-M1 up to and including 10.1.13, from 9.0.0-M1 up to and including 9.0.81 and from 8.5.0 up to and including 8.5.93 did not correctly parse HTTP trailer heade...
Apache Tomcat 9.0.0
Apache Tomcat 10.1.0
Apache Tomcat 11.0.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
NA
CVE-2023-42794
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 up to and including 9.0.80 and 8.5.85 up to and including 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of servic...
Apache Tomcat
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »