CVSS: 5.8EPSS: 9%CPEs: 25EXPL: 0CVE-2019-17569 – tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling
https://notcve.org/view.php?id=CVE-2019-17569
24 Feb 2020 — The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. La refactorización presente en Apache Tomcat versiones 9.0.28 ha... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.4EPSS: 0%CPEs: 12EXPL: 0CVE-2019-12418 – tomcat: local privilege escalation
https://notcve.org/view.php?id=CVE-2019-12418
23 Dec 2019 — When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. Cuando Apache Tomcat 9.0.0.M1 hasta 9... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 3%CPEs: 16EXPL: 0CVE-2019-17563 – tomcat: Session fixation when using FORM authentication
https://notcve.org/view.php?id=CVE-2019-17563
23 Dec 2019 — When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Cuando se usa la autenticación FORM con Apache Tomcat 9.0.0.M1 hasta 9.0.29, 8.5.0 hasta 8.5.49 y 7.0.0 hasta 7.0.98, había una ventana estrecha donde un atacan... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 68%CPEs: 29EXPL: 0CVE-2019-10072 – Apache Tomcat reserveWindowSize Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-10072
21 Jun 2019 — The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. La solución para el CVE-2019-0199 estaba incompleta y no abordaba el agotamiento de la ventana de conexión HTTP/2 al escribir en de Apache Tomcat versiones d... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html • CWE-400: Uncontrolled Resource Consumption CWE-667: Improper Locking •
CVSS: 6.1EPSS: 9%CPEs: 30EXPL: 2CVE-2019-0221 – Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2019-0221
28 May 2019 — The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. El comando printenv de SSI en Apache Tomcat versión 9.0.0.M1 hasta 9.0.0.17, versión 8.5.0 hasta 8.5.39 y versión 7.0.0 hasta 7.0.93, hace eco de los datos suministrados por el usuario sin escapar, y e... • https://packetstorm.news/files/id/163457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 2%CPEs: 73EXPL: 0CVE-2019-2684 – OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
https://notcve.org/view.php?id=CVE-2019-2684
17 Apr 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded a... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html •
CVSS: 9.3EPSS: 94%CPEs: 30EXPL: 14CVE-2019-0232 – Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-0232
15 Apr 2019 — When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour,... • https://packetstorm.news/files/id/153506 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 64%CPEs: 23EXPL: 0CVE-2019-0199 – tomcat: Apache Tomcat HTTP/2 DoS
https://notcve.org/view.php?id=CVE-2019-0199
10 Apr 2019 — The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. La implementación HTTP/2 en Apache Tomcat desde 9.0.0.M1 hasta 9.0.14 y desde 8.5.0 ha... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 88%CPEs: 53EXPL: 3CVE-2018-11784 – Apache Tomcat 9.0.0.M1 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-11784
04 Oct 2018 — When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Cuando el servlet por defecto en Apache Tomcat en versiones de la 9.0.0.M1 a la 9.0.11, de la 8.5.0 a la 8.5.33 y de la 7.0.23 a la 7.0.90 devolvía una redirección a un directorio (por ejemplo, re... • https://packetstorm.news/files/id/163456 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.1EPSS: 5%CPEs: 23EXPL: 0CVE-2018-8037 – tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
https://notcve.org/view.php?id=CVE-2018-8037
02 Aug 2018 — If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for anot... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •