Vulmon Recent Vulnerabilities Discussions Trends About Contact

apache tomcat vulnerabilities and exploits

1.9
CVSSv2
CVE-2011-3585
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists....
SambaRedhatEnterprise Linux
5
CVSSv2
CVE-2012-4420
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation)....
OracleJdk
4.4
CVSSv2
CVE-2019-12418
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle...
ApacheTomcatDebianDebian Linux
7.5
CVSSv2
CVE-2019-17563
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the...
ApacheTomcatDebianDebian Linux
4.3
CVSSv2
CVE-2013-6495
JBossWeb Bayeux has reflected XSS...
RedhatJboss Enterprise Application PlatformJboss Portal
NA
CVE-2012-5620
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none....
7.5
CVSSv2
CVE-2011-4121
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on...
Ruby-langRuby
5
CVSSv2
CVE-2010-4657
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output....
PhpDebianDebian LinuxRedhatEnterprise Linux
2.6
CVSSv2
CVE-2013-5661
Cache Poisoning issue exists in DNS Response Rate Limiting....
IscBindNicKnot ResolverNlnetlabsNsdRedhatEnterprise Linux
4.3
CVSSv2
CVE-2018-5742
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made...
IscBind
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-16018CVE-2020-0674CVE-2020-3136CVE-2013-4462CVE-2020-0610denial of serviceTCPCVE-2019-20429spoof