Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 10.0.0 vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpec...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Debian Debian Linux 9.0
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
7.5
CVSSv3
CVE-2020-17527
While investigating bug 64830 it exists that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Whi...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 9.0.35-3.39.1
Apache Tomcat 9.0.35-3.57.3
Apache Tomcat 9.0.36
Apache Tomcat 9.0.37
Apache Tomcat 9.0.38
Apache Tomcat 9.0.39
Apache Tomcat 10.0.0
Netapp Element Plug-in -
Netapp Oncommand System Manager
Debian Debian Linux 9.0
4.3
CVSSv3
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that co...
Apache Tomcat 8.5.0
Apache Tomcat 8.5.1
Apache Tomcat 8.5.2
Apache Tomcat 8.5.3
Apache Tomcat 8.5.4
Apache Tomcat 8.5.5
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.9
Apache Tomcat 8.5.10
Apache Tomcat 8.5.11
7.5
CVSSv3
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server co...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Canonical Ubuntu Linux 20.04
Oracle Mysql Enterprise Monitor
Oracle Siebel Ui Framework
Oracle Workload Manager 12.2.0.1
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 9.0
1 Github repository
7
CVSSv3
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local malicious user to perform actions with the privileges of the user that t...
Apache Tomcat
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Mysql Enterprise Monitor
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
Apache Tomcat
Apache Tomcat 10.1.0
7.5
CVSSv3
CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that inv...
Apache Tomcat
Apache Tomcat 8.5.83
Apache Tomcat 10.1.0
Apache Tomcat 10.1.1
4.3
CVSSv3
CVE-2023-28708
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not includ...
Apache Tomcat
Apache Tomcat 11.0.0
7.5
CVSSv3
CVE-2022-42252
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Len...
Apache Tomcat
3.7
CVSSv3
CVE-2021-43980
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and ...
Apache Tomcat
Apache Tomcat 10.1.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
desktop browser
urbancode velocity
CVE-2024-57932
CVE-2025-21655
CVE-2024-12084
CVE-2023-34960
unauthorized
CSRF
CVE-2024-57913
privilege
CVE-2025-21649
itsourcecode
cp-xr-de21-s router
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »