Apache Tomcat exposure
Category: Web servers
Exposure score: 342
Sites using it: 14.493
In exploitation: 5
Critical: 19
CVEs
131 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2023-28709 | — | Apache Tomcat: Fix for CVE-2023-24998 is incomplete | 51.5% |
| CVE-2023-24998 | — | Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts | 46.8% |
| CVE-2019-0221 | — | The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escapi | 45.6% |
| CVE-2018-1323 | — | The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to | 44.2% |
| CVE-2024-50379 | CRITICAL | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | 42.3% |
| CVE-2016-6816 | — | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the H | 39.6% |
| CVE-2020-11996 | — | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could t | 26.7% |
| CVE-2020-17527 | — | Apache Tomcat: Request header mix-up between HTTP/2 streams | 24.6% |
| CVE-2024-24549 | HIGH | Apache Tomcat: HTTP/2 header handling DoS | 23.1% |
| CVE-2021-24122 | — | Apache Tomcat information disclosure | 22.9% |
| CVE-2018-8014 | — | The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.8 | 22.0% |
| CVE-2018-8034 | HIGH | The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tom | 21.3% |
| CVE-2018-1336 | — | An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Den | 20.6% |
| CVE-2021-25122 | — | Apache Tomcat h2c request mix-up | 18.1% |
| CVE-2018-1304 | — | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4 | 17.7% |
| CVE-2017-5647 | — | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.7 | 16.8% |
| CVE-2017-5664 | — | The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error | 16.6% |
| CVE-2016-8745 | — | A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.R | 16.0% |
| CVE-2026-34486 | HIGH | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | 15.4% |
| CVE-2018-1305 | — | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 t | 15.0% |