CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-6794 – tomcat: system property disclosure
https://notcve.org/view.php?id=CVE-2016-6794
21 Nov 2016 — When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. Cuando se configura un SecurityManager, la capacidad de una aplicación w... • http://rhn.redhat.com/errata/RHSA-2017-0457.html •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-6797 – tomcat: unrestricted access to global resources
https://notcve.org/view.php?id=CVE-2016-6797
21 Nov 2016 — The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. La implementación ResourceLinkFactory en Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.... • http://rhn.redhat.com/errata/RHSA-2017-0457.html • CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 33EXPL: 0CVE-2016-0762 – tomcat: timing attack in Realm implementation
https://notcve.org/view.php?id=CVE-2016-0762
21 Nov 2016 — The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. Las implementaciones Realm en Apache Tomcat versiones 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8... • http://rhn.redhat.com/errata/RHSA-2017-0457.html • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2016-6796 – tomcat: security manager bypass via JSP Servlet config parameters
https://notcve.org/view.php?id=CVE-2016-6796
21 Nov 2016 — A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. Una aplicación web maliciosa en Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8.0.36, 7.0.0 a 7.0.70, y 6.0.0 a 6.0.45 era capaz de eludir un SecurityManager configurado mediante la manipulación de los parámetros de configuración ... • http://rhn.redhat.com/errata/RHSA-2017-0457.html •
CVSS: 9.1EPSS: 0%CPEs: 33EXPL: 2CVE-2016-5018 – tomcat: security manager bypass via IntrospectHelper utility function
https://notcve.org/view.php?id=CVE-2016-5018
21 Nov 2016 — In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. En Apache Tomcat 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8.0.36, 7.0.0 a 7.0.70, y 6.0.0 a 6.0.45 una aplicación web maliciosa era capaz de omitir un SecurityManager configurado mediante un método utility Tomcat accesible para las aplicaciones web... • https://packetstorm.news/files/id/155873 •
CVSS: 8.1EPSS: 75%CPEs: 18EXPL: 0CVE-2016-5388 – Tomcat: CGI sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5388
19 Jul 2016 — Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 44%CPEs: 94EXPL: 0CVE-2016-3092 – tomcat: Usage of vulnerable FileUpload package can result in denial of service
https://notcve.org/view.php?id=CVE-2016-3092
30 Jun 2016 — The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. La clase MultipartStream en Apache Commons Fileupload en versiones anteriores a 1.3.2, tal como se utiliza en Apache Tomcat 7.x en versiones anteriores a 7.0.70, 8.x en versiones anteriores a 8.0.36, 8.5.x en versione... • http://jvn.jp/en/jp/JVN89379547/index.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 27%CPEs: 102EXPL: 0CVE-2015-5345 – tomcat: directory disclosure
https://notcve.org/view.php?id=CVE-2015-5345
23 Feb 2016 — The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. El componente Mapper en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x en versiones anteriores a 8.0.30, y 9.x en versiones anteriores a 9.0.0.M2 pr... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 74EXPL: 0CVE-2016-0763 – tomcat: security manager bypass via setGlobalContext()
https://notcve.org/view.php?id=CVE-2016-0763
23 Feb 2016 — The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. El método setG... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 42%CPEs: 72EXPL: 0CVE-2015-5346 – tomcat: Session fixation
https://notcve.org/view.php?id=CVE-2015-5346
22 Feb 2016 — Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. Vulnerabilidad de fijación de sesión en Apache Tomcat 7.x en versiones anteriores a 7.0.66, 8.x en versiones anteriore... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html •