Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tomcat vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-29885
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor ...
Apache Tomcat 10.1.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Hospitality Cruise Shipboard Property Management System 20.2.1
5 Github repositories
7.5
CVSSv3
CVE-2021-45968
An issue exists in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System prior to 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
Jivesoftware Jive -
Pascom Cloud Phone System
7.5
CVSSv3
CVE-2022-23612
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/i...
Openmrs Openmrs
7.5
CVSSv3
CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the c...
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Apache Tomcat
Netapp Hci -
Netapp Management Services For Element Software -
Debian Debian Linux 11.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Sd-wan Edge 9.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Sd-wan Edge 9.1
Oracle Communications Diameter Signaling Router
Oracle Big Data Spatial And Graph
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Retail Customer Insights 15.0.2
Oracle Retail Customer Insights 16.0.2
Oracle Taleo Platform
Oracle Payment Interface 20.3
Oracle Payment Interface 19.1
Oracle Retail Eftlink 21.0.0
Oracle Retail Data Extractor For Merchandising 16.0.2
7.5
CVSSv3
CVE-2021-41079
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a den...
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Management Services For Element Software And Netapp Hci -
7.5
CVSSv3
CVE-2021-30639
A vulnerability in Apache Tomcat allows an malicious user to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests...
Apache Tomcat 10.0.4
Apache Tomcat 9.0.44
Apache Tomcat 10.0.3
Apache Tomcat 8.5.64
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
Oracle Big Data Spatial And Graph
7.5
CVSSv3
CVE-2021-25122
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
Oracle Database 12.2.0.1
Oracle Database 19c
Oracle Managed File Transfer 12.2.1.4.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
Oracle Graph Server And Client
Oracle Graph Server And Client 21.3.0
Oracle Database 21c
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.6.0
7.5
CVSSv3
CVE-2020-17527
While investigating bug 64830 it exists that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Whi...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat 9.0.36
Apache Tomcat 9.0.37
Apache Tomcat 9.0.38
Apache Tomcat 9.0.39
Apache Tomcat 9.0.35-3.39.1
Apache Tomcat 9.0.35-3.57.3
Apache Tomcat
Netapp Oncommand System Manager
Netapp Element Plug-in -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Sd-wan Edge 9.0
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Cloud Native Core Policy 1.14.0
2 Github repositories
7.5
CVSSv3
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial ...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Oncommand System Manager
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 20.04
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Workload Manager 12.2.0.1
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
7.5
CVSSv3
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Oncommand System Manager
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Mcafee Epolicy Orchestrator 5.9.0
Mcafee Epolicy Orchestrator 5.9.1
Mcafee Epolicy Orchestrator 5.10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Workload Manager 18c
Oracle Workload Manager 19c
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »