Apache Tomcat Exposure

Web servers
Exposure score: 342
Sites using it: 14,493
Being exploited: 5
Critical: 19

CVEs

131 results

CVE-2016-8747 (HIGH, EPSS 7.2%): An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. H
CVE-2016-6794 (EPSS 7.2%): When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In
CVE-2021-30639 (EPSS 6.9%): DoS after non-blocking IO error
CVE-2017-7674 (EPSS 6.8%): The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary h
CVE-2021-41079 (EPSS 6.7%): Apache Tomcat DoS with unexpected TLS packet
CVE-2024-52316 (CRITICAL, EPSS 6.3%): Apache Tomcat: Authentication bypass when using Jakarta Authentication API
CVE-2017-15706 (EPSS 6.2%): As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7
CVE-2022-34305 (EPSS 6.2%): XSS in examples web application
CVE-2023-41080 (EPSS 6.0%): Apache Tomcat: Open redirect with FORM authentication
CVE-2023-45648 (MEDIUM, EPSS 5.8%): Apache Tomcat: Trailer header parsing too lenient
CVE-2024-34750 (HIGH, EPSS 4.6%): Apache Tomcat: HTTP/2 excess header handling DoS
CVE-2018-8020 (EPSS 4.2%): Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lis
CVE-2025-31651 (CRITICAL, EPSS 4.2%): Apache Tomcat: Bypass of rules in Rewrite Valve
CVE-2018-8019 (EPSS 4.1%): When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allo
CVE-2026-29146 (HIGH, EPSS 3.6%): Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default
CVE-2017-15698 (EPSS 3.6%): When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not co
CVE-2025-48989 (HIGH, EPSS 3.4%): Apache Tomcat: h2 DoS - Made You Reset
CVE-2025-49125 (HIGH, EPSS 3.2%): Apache Tomcat: Security constraint bypass for pre/post-resources
CVE-2023-46589 (HIGH, EPSS 2.7%): Apache Tomcat: HTTP request smuggling via malformed trailer headers
CVE-2025-46701 (HIGH, EPSS 2.6%): Apache Tomcat: Security constraint bypass for CGI scripts
