Vulmon
apache tomcat vulnerabilities and exploits
CVE-2024-52318
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
1 Github repository
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indic...
3 Github repositories
CVE-2024-52317
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 up to and including 11.0.0-...
1 Github repository
CVE-2024-38286
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 up to and including 11.0.0-M20, from 10.1.0-M1 up to and including 10.1.24, from 9.0.13 up to and including 9.0.89. Older, unsupported versions ma...
CVE-2024-46544
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-b...
CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn ...
CVE-2024-24749
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation ...
CVE-2024-5246
NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vuln...
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 up to and including 11.0.0-M16, from 10.1.0...
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers ha...