CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-25762 – Response mix-up with WebSocket concurrent send and close
https://notcve.org/view.php?id=CVE-2022-25762
13 May 2022 — If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wro... • https://lists.apache.org/thread/6ckmjfb1k61dyzkto9vm2k5jvt4o7w7c • CWE-226: Sensitive Information in Resource Not Removed Before Reuse CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 66%CPEs: 20EXPL: 4CVE-2022-29885 – EncryptInterceptor does not provide complete protection on insecure networks
https://notcve.org/view.php?id=CVE-2022-29885
12 May 2022 — The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. La documentación de Apache Tomcat versiones 10.1.0-M1 a 10.1.0-... • https://packetstorm.news/files/id/171728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 26EXPL: 0CVE-2022-23181 – Local privilege escalation with FileStore
https://notcve.org/view.php?id=CVE-2022-23181
27 Jan 2022 — The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. Una corrección del bug CVE-2020-9484 introdujo una vulnerabilidad de tiempo de comprobación, tiempo de uso en Ap... • https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 2%CPEs: 37EXPL: 0CVE-2021-42340 – DoS via memory leak with WebSocket connections
https://notcve.org/view.php?id=CVE-2021-42340
14 Oct 2021 — The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. La corrección del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0... • https://kc.mcafee.com/corporate/index?page=content&id=SB10379 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-41079 – Apache Tomcat DoS with unexpected TLS packet
https://notcve.org/view.php?id=CVE-2021-41079
16 Sep 2021 — Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. Apache Tomcat versiones 8.5.0 hasta 8.5.63, versiones 9.0.0-M1 hasta 9.0.43 y versiones 10.0.0-M1 hasta 10.0.2, no comprueban apropiadamente los paquetes TLS entrantes. Cuando Tomcat estaba configurado para usar NIO+... • https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a%40%3Cusers.tomcat.apache.org%3E • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 4%CPEs: 42EXPL: 0CVE-2021-33037 – Incorrect Transfer-Encoding handling with HTTP/1.0
https://notcve.org/view.php?id=CVE-2021-33037
12 Jul 2021 — Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10366 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-30640 – Auth weakness in JNDIRealm
https://notcve.org/view.php?id=CVE-2021-30640
12 Jul 2021 — A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. Una vulnerabilidad en el ámbito JNDI de Apache Tomcat permite a un atacante autenticarse usando variaciones de un nombre de usuario válido y/o omitir parte de la protección proporcionada por el ámbito LockOut. Este problema af... • https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E • CWE-116: Improper Encoding or Escaping of Output CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-30639 – DoS after non-blocking IO error
https://notcve.org/view.php?id=CVE-2021-30639
12 Jul 2021 — A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility o... • https://kc.mcafee.com/corporate/index?page=content&id=SB10366 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 2%CPEs: 55EXPL: 0CVE-2021-25122 – Apache Tomcat h2c request mix-up
https://notcve.org/view.php?id=CVE-2021-25122
01 Mar 2021 — When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. Cuando se responde a nuevas peticiones de conexión h2c, Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41 y versiones 8.5.0 hasta 8.5.61, podrían duplicar los encabezados de petici... • http://www.openwall.com/lists/oss-security/2021/03/01/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 4%CPEs: 60EXPL: 0CVE-2021-25329 – Incomplete fix for CVE-2020-9484
https://notcve.org/view.php?id=CVE-2021-25329
01 Mar 2021 — The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. La corrección para el CVE-2020-9484 estaba incompleta. Cuando se usa Apache To... • http://www.openwall.com/lists/oss-security/2021/03/01/2 • CWE-502: Deserialization of Untrusted Data •