Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat vulnerabilities and exploits

(subscribe to this query)

4.4
CVSSv2
CVE-2021-25329
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note...
5
CVSSv2
CVE-2021-25122
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the...
4.3
CVSSv2
CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the...
Apache TomcatApache Tomcat 9.0.0Apache Tomcat 10.0.0Debian Debian Linux 9.0
5
CVSSv2
CVE-2020-17527
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...
Apache TomcatApache Tomcat 9.0.0Apache Tomcat 10.0.0Apache Tomcat 9.0.36Apache Tomcat 9.0.37Apache Tomcat 9.0.38Apache Tomcat 9.0.39Apache Tomcat 9.0.35-3.39.1Apache Tomcat 9.0.35-3.57.3
4
CVSSv2
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that...
Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.11Apache Tomcat 8.5.15Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.12Apache Tomcat 8.5.16Apache Tomcat 8.5.17Apache Tomcat 8.5.18Apache Tomcat 8.5.19Apache Tomcat 8.5.20Apache Tomcat 8.5.21Apache Tomcat 8.5.22Apache Tomcat 8.5.23Apache Tomcat 8.5.24Apache Tomcat 8.5.25Apache Tomcat 8.5.26Apache Tomcat 8.5.27Apache Tomcat 8.5.28Apache Tomcat 8.5.29Apache Tomcat 8.5.30Apache Tomcat 8.5.31Apache Tomcat 8.5.32Apache Tomcat 8.5.33Apache Tomcat 8.5.34Apache Tomcat 8.5.35Apache Tomcat 9.0.1Apache Tomcat 9.0.2Apache Tomcat 9.0.3Apache Tomcat 9.0.0Apache Tomcat 8.5.36Apache Tomcat 8.5.37Apache Tomcat 8.5.38Apache Tomcat 8.5.39Apache Tomcat 8.5.40Apache Tomcat 8.5.41Apache Tomcat 8.5.42Apache Tomcat 8.5.43Apache Tomcat 8.5.44Apache Tomcat 8.5.45Apache Tomcat 8.5.46Apache Tomcat 8.5.47Apache Tomcat 8.5.48Apache Tomcat 8.5.49Apache Tomcat 8.5.50Apache Tomcat 8.5.51Apache Tomcat 8.5.52Apache Tomcat 8.5.53Apache Tomcat 8.5.54Apache Tomcat 8.5.55Apache Tomcat 8.5.56Apache Tomcat 8.5.57Apache Tomcat 9.0.4Apache Tomcat 10.0.0Apache Tomcat 9.0.5Apache Tomcat 9.0.6Apache Tomcat 9.0.7Apache Tomcat 9.0.8Apache Tomcat 9.0.9Apache Tomcat 9.0.10Apache Tomcat 9.0.11Apache Tomcat 9.0.12Apache Tomcat 9.0.13Apache Tomcat 9.0.14Apache Tomcat 9.0.15Apache Tomcat 9.0.16Apache Tomcat 9.0.17Apache Tomcat 9.0.18Apache Tomcat 9.0.19Apache Tomcat 9.0.20Apache Tomcat 9.0.21Apache Tomcat 9.0.22Apache Tomcat 9.0.23Apache Tomcat 9.0.24Apache Tomcat 9.0.25Apache Tomcat 9.0.26Apache Tomcat 9.0.27Apache Tomcat 9.0.28Apache Tomcat 9.0.29Apache Tomcat 9.0.30Apache Tomcat 9.0.31Apache Tomcat 9.0.32Apache Tomcat 9.0.33Apache Tomcat 9.0.34Apache Tomcat 9.0.35Apache Tomcat 9.0.36Apache Tomcat 9.0.37Debian Debian Linux 9.0
5
CVSSv2
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial...
Apache TomcatApache Tomcat 9.0.0Apache Tomcat 10.0.0
5
CVSSv2
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could...
Apache TomcatApache Tomcat 9.0.0Apache Tomcat 10.0.0
7.2
CVSSv2
CVE-2020-8022
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux...
Apache TomcatOpensuse Leap 15.1
5
CVSSv2
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server...
Apache TomcatApache Tomcat 9.0.0Apache Tomcat 10.0.0Canonical Ubuntu Linux 20.04Oracle Mysql Enterprise MonitorOracle Siebel Ui FrameworkOracle Workload Manager 12.2.0.1Oracle Workload Manager 18cOracle Workload Manager 19cOpensuse Leap 15.1Opensuse Leap 15.2Debian Debian Linux 9.0Debian Debian Linux 10.0Netapp Oncommand System Manager 3.0Netapp Oncommand System Manager 3.1.3
4.4
CVSSv2
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore;...
Apache TomcatApache Tomcat 9.0.0Apache Tomcat 10.0.0Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Opensuse Leap 15.1Fedoraproject Fedora 31Fedoraproject Fedora 32Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 20.04Oracle Agile Engineering Data Management 6.2.1.0Oracle Agile Plm 9.3.3Oracle Agile Plm 9.3.5Oracle Agile Plm 9.3.6Oracle Communications Diameter Signaling RouterOracle Communications Element ManagerOracle Communications Session Report ManagerOracle Communications Session Route ManagerOracle Hospitality Guest Access 4.2.0Oracle Hospitality Guest Access 4.2.1Oracle Instantis EnterprisetrackOracle Managed File Transfer 12.2.1.3.0Oracle Transportation Management 6.3.7Oracle Retail Order Broker 15.0Oracle Workload Manager 18cOracle Workload Manager 19cOracle Workload Manager 12.2.0.1Oracle Siebel Ui FrameworkOracle Mysql Enterprise MonitorOracle Managed File Transfer 12.2.1.4.0Mcafee Epolicy Orchestrator 5.9.0Mcafee Epolicy Orchestrator 5.9.1Mcafee Epolicy Orchestrator 5.10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-33742CVE-2021-33739CVE-2021-0492injectionCVE-2017-1079validationCVE-2021-22906denial of serviceCVE-2021-22912
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook