Apache Tomcat exposure
Web servers
Exposure score: 342
Sites using it: 14,493
Under active exploitation: 5
Critical: 19
CVEs
131 results
CVE | Severity | Description | EPSS
CVE-2024-21733 | MEDIUM | Apache Tomcat: Leaking of unrelated request bodies in default error page | 14.3%
CVE-2017-5648 | — | While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5. | 12.7%
CVE-2018-8037 | — | If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed | 12.1%
CVE-2021-42340 | — | DoS via memory leak with WebSocket connections | 11.0%
CVE-2019-17563 | — | When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an | 10.7%
CVE-2016-5018 | — | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application | 10.3%
CVE-2017-7675 | — | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented dir | 10.1%
CVE-2021-30640 | — | Auth weakness in JNDIRealm | 9.9%
CVE-2021-25329 | — | Incomplete fix for CVE-2020-9484 | 9.5%
CVE-2020-1935 | — | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsin | 9.4%
CVE-2025-55754 | CRITICAL | Apache Tomcat: console manipulation via escape sequences in log messages | 9.2%
CVE-2019-17569 | — | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the | 8.9%
CVE-2024-56337 | CRITICAL | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete | 8.9%
CVE-2016-6796 | — | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to | 8.3%
CVE-2017-5650 | — | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams as | 8.3%
CVE-2016-6797 | — | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 | 8.1%
CVE-2017-5651 | — | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file | 7.8%
CVE-2016-0762 | — | The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to | 7.7%
CVE-2022-25762 | — | Response mix-up with WebSocket concurrent send and close | 7.5%
CVE-2016-6817 | HIGH | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that wa | 7.2%