Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 9.0.0 vulnerabilities and exploits
(subscribe to this query)
937
VMScore
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet i...
Apache Tomcat
Apache Tomcat 9.0.0
1 EDB exploit
8 Github repositories
696
VMScore
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a...
Apache Tomcat 7.0.2
Apache Tomcat 8.0.4
Apache Tomcat 8.0.10
Apache Tomcat 7.0.49
Apache Tomcat 8.0.30
Apache Tomcat 8.0.44
Apache Tomcat 7.0.12
Apache Tomcat 7.0.62
Apache Tomcat 8.0.17
Apache Tomcat 7.0.20
Apache Tomcat 8.0.7
Apache Tomcat 7.0.34
Apache Tomcat 8.0.26
Apache Tomcat 7.0.58
Apache Tomcat 8.5.2
Apache Tomcat 7.0.8
Apache Tomcat 7.0.55
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 8.0.40
2 EDB exploits
21 Github repositories
684
VMScore
CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exp...
Apache Tomcat
Apache Geode 1.12.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Transportation Management 6.3.7
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Instantis Enterprisetrack
Oracle Mysql Enterprise Monitor
Oracle Health Sciences Empirica Signal 7.3.3
Oracle Communications Instant Messaging Server 10.0.1.4.0
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Workload Manager 12.2.0.1
Oracle Agile Engineering Data Management 6.2.1.0
54 Github repositories
1 Article
668
VMScore
CVE-2022-25762
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The e...
Apache Tomcat
Oracle Agile Plm 9.3.6
668
VMScore
CVE-2017-5651
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This ...
Apache Tomcat 8.5.2
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 8.5.10
Apache Tomcat 8.5.5
Apache Tomcat 8.5.3
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.1
Apache Tomcat 9.0.0
516
VMScore
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an malicious user to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0...
Apache Tomcat
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Communications Diameter Signaling Router
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Tekelec Platform Distribution
Oracle Communications Cloud Native Core Policy 1.14.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
516
VMScore
CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located be...
Apache Tomcat 9.0.0
Apache Tomcat
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.1
Netapp Oncommand System Manager
Netapp Data Availability Services -
Oracle Transportation Management 6.3.7
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Retail Order Broker 15.0
Oracle Agile Product Lifecycle Management 9.3.3
Oracle Agile Product Lifecycle Management 9.3.5
Oracle Agile Product Lifecycle Management 9.3.6
Oracle Instantis Enterprisetrack
Oracle Health Sciences Empirica Signal 7.3.3
Oracle Communications Instant Messaging Server 10.0.1.4.0
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
516
VMScore
CVE-2019-17569
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomca...
Apache Tomcat
Apache Tomee 7.0.7
Opensuse Leap 15.1
Netapp Oncommand System Manager
Netapp Data Availability Services -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Transportation Management 6.3.7
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Instantis Enterprisetrack
Oracle Mysql Enterprise Monitor
Oracle Health Sciences Empirica Signal 7.3.3
Oracle Communications Instant Messaging Server 10.0.1.4.0
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Workload Manager 12.2.0.1
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Health Sciences Empirica Inspections 1.0.1.2
455
VMScore
CVE-2019-17563
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the si...
Apache Tomcat
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Oracle Transportation Management 6.3.7
Oracle Retail Order Broker 15.0
Oracle Micros Relate Crm Software 11.4
Oracle Instantis Enterprisetrack
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Mysql Enterprise Monitor
446
VMScore
CVE-2021-25122
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
Oracle Database 12.2.0.1
Oracle Database 19c
Oracle Managed File Transfer 12.2.1.4.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
Oracle Graph Server And Client
Oracle Graph Server And Client 21.3.0
Oracle Database 21c
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.6.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »