Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet i...
Apache Tomcat
Apache Tomcat 9.0.0
1 EDB exploit
8 Github repositories
8.1
CVSSv3
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a...
Apache Tomcat 7.0.2
Apache Tomcat 8.0.4
Apache Tomcat 8.0.10
Apache Tomcat 7.0.49
Apache Tomcat 8.0.30
Apache Tomcat 8.0.44
Apache Tomcat 7.0.12
Apache Tomcat 7.0.62
Apache Tomcat 8.0.17
Apache Tomcat 7.0.20
Apache Tomcat 8.0.7
Apache Tomcat 7.0.34
Apache Tomcat 8.0.26
Apache Tomcat 7.0.58
Apache Tomcat 8.5.2
Apache Tomcat 7.0.8
Apache Tomcat 7.0.55
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 8.0.40
2 EDB exploits
21 Github repositories
8.1
CVSSv3
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and a...
Apache Tomcat 7.0
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.8
Apache Tomcat 7.0.9
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
Apache Tomcat 7.0.13
Apache Tomcat 7.0.14
Apache Tomcat 7.0.15
Apache Tomcat 7.0.16
Apache Tomcat 7.0.17
Apache Tomcat 7.0.18
Apache Tomcat 7.0.19
Apache Tomcat 7.0.20
1 EDB exploit
17 Github repositories
1 Article
8.1
CVSSv3
CVE-2016-5388
Apache Tomcat 7.x up to and including 7.0.70 and 8.x up to and including 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi...
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Hpc Node Eus 7.2
Hp System Management Homepage
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Oracle Linux 6
Oracle Linux 7
Apache Tomcat
1 Article
7.8
CVSSv3
CVE-2020-8022
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux ...
Apache Tomcat
Opensuse Leap 15.1
7.8
CVSSv3
CVE-2016-9774
The postinst script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u4 on Debian wheezy, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u8 on Debian wheezy, prior to 7.0.56-3+deb8u6 on Debian jessie, prior to 7....
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
Apache Tomcat 7.0
Apache Tomcat 8.0
Apache Tomcat 6.0
7.8
CVSSv3
CVE-2016-9775
The postrm script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u3 on Debian wheezy, prior to 6.0.45+dfsg-1~deb8u1 on Debian jessie, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u7 on Debian wheezy, prior to...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
Apache Tomcat 8.0
Apache Tomcat 6.0
Apache Tomcat 7.0
7.5
CVSSv3
CVE-2023-46589
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 up to and including 11.0.0-M10, from 10.1.0-M1 up to and including 10.1.15, from 9.0.0-M1 up to and including 9.0.82 and from 8.5.0 up to and including 8.5.95 did not correctly parse HTTP trailer heade...
Apache Tomcat 11.0.0
Apache Tomcat
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
7.5
CVSSv3
CVE-2023-41081
Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied r...
Apache Tomcat Connectors
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »