Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 8.5.8 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-8747
An information disclosure issue exists in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote malicious users to read data that was intended to be associated with a different request.
Apache Tomcat 8.5.9
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 9.0.0
9.8
CVSSv3
CVE-2017-5651
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This ...
Apache Tomcat 8.5.2
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 8.5.10
Apache Tomcat 8.5.5
Apache Tomcat 8.5.3
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.1
Apache Tomcat 9.0.0
7.5
CVSSv3
CVE-2017-5650
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These wait...
Apache Tomcat 8.5.2
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 8.5.10
Apache Tomcat 8.5.5
Apache Tomcat 8.5.3
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.1
Apache Tomcat 9.0.0
7.5
CVSSv3
CVE-2017-7675
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
Apache Tomcat 8.5.2
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 8.5.15
Apache Tomcat 8.5.10
Apache Tomcat 8.5.13
Apache Tomcat 8.5.14
Apache Tomcat 8.5.5
Apache Tomcat 8.5.3
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.1
Apache Tomcat 9.0.0
4.3
CVSSv3
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that co...
Apache Tomcat 8.5.2
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 8.5.15
Apache Tomcat 8.5.10
Apache Tomcat 8.5.13
Apache Tomcat 8.5.14
Apache Tomcat 8.5.5
Apache Tomcat 8.5.3
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.1
Apache Tomcat 8.5.16
Apache Tomcat 8.5.17
Apache Tomcat 8.5.18
Apache Tomcat 8.5.19
Apache Tomcat 8.5.20
Apache Tomcat 8.5.21
7.5
CVSSv3
CVE-2017-5664
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error pag...
Apache Tomcat 7.0.2
Apache Tomcat 7.0.49
Apache Tomcat 7.0.12
Apache Tomcat 7.0.62
Apache Tomcat 7.0.20
Apache Tomcat 7.0.34
Apache Tomcat 7.0.58
Apache Tomcat 7.0.8
Apache Tomcat 7.0.55
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 7.0.51
Apache Tomcat 7.0.4
Apache Tomcat 7.0.63
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
Apache Tomcat 7.0.72
Apache Tomcat 7.0.76
Apache Tomcat 7.0.71
Apache Tomcat 7.0.28
7.8
CVSSv3
CVE-2016-9774
The postinst script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u4 on Debian wheezy, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u8 on Debian wheezy, prior to 7.0.56-3+deb8u6 on Debian jessie, prior to 7....
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Apache Tomcat 8.0
Apache Tomcat 6.0
Apache Tomcat 7.0
7.8
CVSSv3
CVE-2016-9775
The postrm script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u3 on Debian wheezy, prior to 6.0.45+dfsg-1~deb8u1 on Debian jessie, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u7 on Debian wheezy, prior to...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Apache Tomcat 8.0
Apache Tomcat 6.0
Apache Tomcat 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
file inclusion
privilege
insecure direct object reference
CVE-2024-37404
CVE-2024-9466
CVE-2024-30118
CVE-2024-47668
CVE-2024-43573
CVE-2024-45144
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started