Vulmon
tomcat vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-21307
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin prior to 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96...
Lucee Lucee Server
9.8
CVSSv3
CVE-2020-26510
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
Airleader Airleader Master Control
9.8
CVSSv3
CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exp...
Apache Tomcat
Apache Geode 1.12.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Transportation Management 6.3.7
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Instantis Enterprisetrack
Oracle Mysql Enterprise Monitor
Oracle Health Sciences Empirica Signal 7.3.3
Oracle Communications Instant Messaging Server 10.0.1.4.0
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Workload Manager 12.2.0.1
Oracle Agile Engineering Data Management 6.2.1.0
57 Github repositories
1 Article
9.8
CVSSv3
CVE-2019-10104
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote malicious user to execute code when the configuration is running, because a JMX server listened on all ...
Jetbrains Intellij Idea
9.8
CVSSv3
CVE-2019-1619
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote malicious user to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability i...
Cisco Data Center Network Manager 10.4(2)
1 EDB exploit
2 Metasploit modules
9.8
CVSSv3
CVE-2017-5651
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This ...
Apache Tomcat 8.5.2
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 8.5.10
Apache Tomcat 8.5.5
Apache Tomcat 8.5.3
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.1
Apache Tomcat 9.0.0
8.8
CVSSv3
CVE-2023-0100
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched th...
Eclipse Business Intelligence And Reporting Tools
8.8
CVSSv3
CVE-2022-30929
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
Mini Tmall Project Mini Tmall 1.0
8.8
CVSSv3
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, accordin...
Uyuni-project Uyuni 2021.08
Spacewalk Project Spacewalk 2.10
8.8
CVSSv3
CVE-2021-39180
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions before 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomc...
Frentix Openolat