CVSS: 7.8EPSS: 80%CPEs: 444EXPL: 15CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 1CVE-2020-8022 – User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges
https://notcve.org/view.php?id=CVE-2020-8022
29 Jun 2020 — A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html • CWE-276: Incorrect Default Permissions •
CVSS: 5.9EPSS: 0%CPEs: 73EXPL: 0CVE-2019-2684 – OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
https://notcve.org/view.php?id=CVE-2019-2684
17 Apr 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded a... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html •
CVSS: 7.5EPSS: 1%CPEs: 48EXPL: 0CVE-2018-1336 – tomcat: A bug in the UTF-8 decoder can lead to DoS
https://notcve.org/view.php?id=CVE-2018-1336
25 Jul 2018 — An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. Una gestión incorrecta del desbordamiento en el decodificador UTF-8 con caracteres suplementarios puede conducir a un bucle infinito en el decodificador, provocando una denegación de servicio (DoS). Versiones afectadas: Apache Tomcat de la vers... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 2CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
28 Feb 2018 — The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patró... • https://github.com/knqyf263/CVE-2018-1304 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 205EXPL: 0CVE-2017-5647 – tomcat: Incorrect handling of pipelined requests when send file was used
https://notcve.org/view.php?id=CVE-2017-5647
17 Apr 2017 — A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B ... • http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-6797 – tomcat: unrestricted access to global resources
https://notcve.org/view.php?id=CVE-2016-6797
24 Jan 2017 — The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. La implementación ResourceLinkFactory en Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.... • http://rhn.redhat.com/errata/RHSA-2017-0457.html • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 33EXPL: 2CVE-2016-5018 – tomcat: security manager bypass via IntrospectHelper utility function
https://notcve.org/view.php?id=CVE-2016-5018
24 Jan 2017 — In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. En Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8.0.36, 7.0.0 a 7.0.70, y 6.0.0 a 6.0.45 una aplicación web maliciosa era capaz de omitir un SecurityManager configurado mediante un método utility Tomcat accesible para las aplicaciones web... • https://packetstorm.news/files/id/155873 •
CVSS: 5.9EPSS: 0%CPEs: 33EXPL: 0CVE-2016-0762 – tomcat: timing attack in Realm implementation
https://notcve.org/view.php?id=CVE-2016-0762
24 Jan 2017 — The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. Las implementaciones Realm en Apache Tomcat versiones 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8... • http://rhn.redhat.com/errata/RHSA-2017-0457.html • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-6794 – tomcat: system property disclosure
https://notcve.org/view.php?id=CVE-2016-6794
24 Jan 2017 — When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. Cuando se configura un SecurityManager, la capacidad de una aplicación w... • http://rhn.redhat.com/errata/RHSA-2017-0457.html •