Vulmon Recent Vulnerabilities Trends Blog About Contact

tomcat vulnerabilities and exploits

(subscribe to this query)

4.3
CVSSv2
CVE-2017-7674
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances....
Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 7.0.73Apache Tomcat 7.0.74Apache Tomcat 7.0.75Apache Tomcat 7.0.76Apache Tomcat 7.0.77Apache Tomcat 7.0.78Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.0.39Apache Tomcat 8.0.40Apache Tomcat 8.0.41Apache Tomcat 8.0.42Apache Tomcat 8.0.43Apache Tomcat 8.0.44Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.11Apache Tomcat 8.5.12Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.15Apache Tomcat 9.0.0
6.4
CVSSv2
CVE-2017-5648
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a...
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.51Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 7.0.73Apache Tomcat 7.0.74Apache Tomcat 7.0.75Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.0.39Apache Tomcat 8.0.40Apache Tomcat 8.0.41Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.11Apache Tomcat 9.0.0
4.3
CVSSv2
CVE-2011-5063
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 5.5.26Apache Tomcat 5.5.27Apache Tomcat 5.5.28Apache Tomcat 5.5.29Apache Tomcat 5.5.30Apache Tomcat 5.5.31Apache Tomcat 5.5.32Apache Tomcat 5.5.33Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11
4
CVSSv2
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that...
Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.11Apache Tomcat 8.5.12Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.15Apache Tomcat 8.5.16Apache Tomcat 8.5.17Apache Tomcat 8.5.18Apache Tomcat 8.5.19Apache Tomcat 8.5.20Apache Tomcat 8.5.21Apache Tomcat 8.5.22Apache Tomcat 8.5.23Apache Tomcat 8.5.24Apache Tomcat 8.5.25Apache Tomcat 8.5.26Apache Tomcat 8.5.27Apache Tomcat 8.5.28Apache Tomcat 8.5.29Apache Tomcat 8.5.30Apache Tomcat 8.5.31Apache Tomcat 8.5.32Apache Tomcat 8.5.33Apache Tomcat 8.5.34Apache Tomcat 8.5.35Apache Tomcat 8.5.36Apache Tomcat 8.5.37Apache Tomcat 8.5.38Apache Tomcat 8.5.39Apache Tomcat 8.5.40Apache Tomcat 8.5.41Apache Tomcat 8.5.42Apache Tomcat 8.5.43Apache Tomcat 8.5.44Apache Tomcat 8.5.45Apache Tomcat 8.5.46Apache Tomcat 8.5.47Apache Tomcat 8.5.48Apache Tomcat 8.5.49Apache Tomcat 8.5.50Apache Tomcat 8.5.51Apache Tomcat 8.5.52Apache Tomcat 8.5.53Apache Tomcat 8.5.54Apache Tomcat 8.5.55Apache Tomcat 8.5.56Apache Tomcat 8.5.57Apache Tomcat 9.0.0Apache Tomcat 9.0.1Apache Tomcat 9.0.2Apache Tomcat 9.0.3Apache Tomcat 9.0.4Apache Tomcat 9.0.5Apache Tomcat 9.0.6Apache Tomcat 9.0.7Apache Tomcat 9.0.8Apache Tomcat 9.0.9Apache Tomcat 9.0.10Apache Tomcat 9.0.11Apache Tomcat 9.0.12Apache Tomcat 9.0.13Apache Tomcat 9.0.14Apache Tomcat 9.0.15Apache Tomcat 9.0.16Apache Tomcat 9.0.17Apache Tomcat 9.0.18Apache Tomcat 9.0.19Apache Tomcat 9.0.20Apache Tomcat 9.0.21Apache Tomcat 9.0.22Apache Tomcat 9.0.23Apache Tomcat 9.0.24Apache Tomcat 9.0.25Apache Tomcat 9.0.26Apache Tomcat 9.0.27Apache Tomcat 9.0.28Apache Tomcat 9.0.29Apache Tomcat 9.0.30Apache Tomcat 9.0.31Apache Tomcat 9.0.32Apache Tomcat 9.0.33Apache Tomcat 9.0.34Apache Tomcat 9.0.35Apache Tomcat 9.0.36Apache Tomcat 9.0.37Apache Tomcat 10.0.0Debian Debian Linux 9.0
5
CVSSv2
CVE-2016-5018
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications....
Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.39Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0
4.3
CVSSv2
CVE-2014-0096
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read...
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.52Apache Tomcat 8.0.0Apache Tomcat 8.0.1Apache Tomcat 8.0.3Apache Tomcat 6Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat
5
CVSSv2
CVE-2012-3544
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data....
Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.28
4.3
CVSSv2
CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier....
Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.35Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.28Apache Tomcat 7.0.30
7.5
CVSSv2
CVE-2011-3190
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the...
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 5.5.26Apache Tomcat 5.5.27Apache Tomcat 5.5.28Apache Tomcat 5.5.29Apache Tomcat 5.5.30Apache Tomcat 5.5.31Apache Tomcat 5.5.32Apache Tomcat 5.5.33
5
CVSSv2
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 5.5.26Apache Tomcat 5.5.27Apache Tomcat 5.5.28Apache Tomcat 5.5.29Apache Tomcat 5.5.30Apache Tomcat 5.5.31Apache Tomcat 5.5.32Apache Tomcat 5.5.33Apache Tomcat 5.5.34Apache Tomcat 5.5.35Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.20Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.29Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.35Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.28
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-3691insecure direct object referenceCVE-2021-1140CVE-2021-2109information disclosureCVE-2021-1303CVE-2021-1304IDORCVE-2020-14882