Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat vulnerabilities and exploits

(subscribe to this query)

9.8
CVSSv3
CVE-2018-8014
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have...
Apache Tomcat 9.0.0Apache Tomcat 8.0.0Apache TomcatCanonical Ubuntu Linux 17.10Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Debian Debian Linux 8.0Netapp Oncommand Workflow Automation -Netapp Oncommand Insight -Netapp Snapcenter Server -Netapp Oncommand Unified ManagerNetapp Storage Automation Store -Netapp Oncommand Unified Manager
9.8
CVSSv3
CVE-2017-5651
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This...
Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.11Apache Tomcat 8.5.12Apache Tomcat 8.5.0Apache Tomcat 9.0.0
9.8
CVSSv3
CVE-2016-6808
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42....
Apache Tomcat Jk Connector
9.8
CVSSv3
CVE-2016-8735
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't...
Apache Tomcat 6.0.0Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.39Apache Tomcat 6.0.4Apache Tomcat 6.0.46Apache Tomcat 6.0.47Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.2Apache Tomcat 6.0.20Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.29Apache Tomcat 6.0.3Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 6.0.9Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.39Apache Tomcat 7.0.4Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.69Apache Tomcat 7.0.7Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.2Apache Tomcat 7.0.20Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.5Apache Tomcat 7.0.50Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.72Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.29Apache Tomcat 7.0.3Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.51Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.6Apache Tomcat 7.0.60Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 8.0.1Apache Tomcat 8.0.10Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.29Apache Tomcat 8.0.3Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.9Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.19Apache Tomcat 8.0.2Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.0Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.38Apache Tomcat 8.0.4Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 9.0.0
9.8
CVSSv3
CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform...
Redhat Jboss Enterprise Web Server 3.0.0Redhat Jboss Enterprise Soa Platform 5.0.0Redhat Jboss Bpm Suite 6.0.0Redhat Jboss A-mq 6.0.0Redhat Subscription Asset Manager 1.3.0Redhat Openshift 3.0Redhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Portal 6.0.0Redhat Jboss Operations Network 3.0Redhat Jboss Fuse Service Works 6.0Redhat Jboss Enterprise Brms Platform 5.0.0Redhat Jboss Data Virtualization 6.0.0Redhat Data Grid 6.0.0Redhat Xpaas 3.0.0Redhat Jboss Fuse 6.0.0Redhat Jboss Enterprise Application Platform 6.0.0Redhat Jboss Data Virtualization 5.0.0Redhat Jboss Enterprise Brms Platform 6.0.0
9.8
CVSSv3
CVE-2016-1000031
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution...
Apache Commons Fileupload
8.8
CVE-2023-0100
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP...
Eclipse Business Intelligence And Reporting Tools
9.8
CVSSv3
CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be...
Apache TomcatApache Geode 1.12.0Fedoraproject Fedora 30Fedoraproject Fedora 31Fedoraproject Fedora 32Oracle Transportation Management 6.3.7Oracle Hospitality Guest Access 4.2.0Oracle Hospitality Guest Access 4.2.1Oracle Agile Plm 9.3.3Oracle Agile Plm 9.3.5Oracle Agile Plm 9.3.6Oracle Instantis EnterprisetrackOracle Mysql Enterprise MonitorOracle Health Sciences Empirica Signal 7.3.3Oracle Agile Engineering Data Management 6.2.1.0Oracle Communications Element Manager 8.1.1Oracle Communications Element Manager 8.2.0Oracle Communications Element Manager 8.2.1Oracle Communications Instant Messaging Server 10.0.1.4.0Oracle Health Sciences Empirica Inspections 1.0.1.2Oracle Siebel Ui FrameworkOracle Workload Manager 12.2.0.1Oracle Workload Manager 18cOracle Workload Manager 19cDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Opensuse Leap 15.1Blackberry Good ControlBlackberry Workspaces Server 7.0.1Blackberry Workspaces Server 7.1.2Blackberry Workspaces Server 9.0Blackberry Workspaces Server 8.1.0
9.1
CVSSv3
CVE-2016-5018
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications....
Apache TomcatApache Tomcat 9.0.0Netapp Oncommand Insight -Netapp Oncommand Shift -Netapp Snap Creator Framework -Canonical Ubuntu Linux 16.04Debian Debian Linux 8.0Redhat Jboss Enterprise Application Platform 6.4Redhat Jboss Enterprise Web Server 3.0.0Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Eus 7.4Redhat Enterprise Linux Eus 7.5Redhat Enterprise Linux Eus 7.6Redhat Enterprise Linux Eus 7.7Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux Server Aus 7.7Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Tus 7.7Redhat Enterprise Linux Workstation 7.0Oracle Tekelec Platform Distribution
9.1
CVSSv3
CVE-2017-5648
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a...
Apache Tomcat 7.0.75Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.50Apache Tomcat 7.0.51Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.73Apache Tomcat 7.0.74Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 8.0.41Apache Tomcat 8.0.0Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.39Apache Tomcat 8.0.40Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.1Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.11Apache Tomcat 8.5.0Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 9.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remoteCVE-2022-47986CVE-2023-20963CVE-2023-1013CVE-2022-43628CVE-2023-1014log injectionCVE-2022-43639SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook