CVSS: 7.5EPSS: 92%CPEs: 54EXPL: 0CVE-2020-13934 – tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS
https://notcve.org/view.php?id=CVE-2020-13934
14 Jul 2020 — An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. Una conexión directa h2c a Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M6, versiones 9.0.0.M5 hasta 9.0.36 y versiones 8.5.1 hasta 8.5.56, no publicó el procesador HTTP/1.1 después de la actualización a HTTP/2. Si un ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 1CVE-2020-11996 – tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
https://notcve.org/view.php?id=CVE-2020-11996
26 Jun 2020 — A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. Una secuencia especialmente diseñada de peticiones HTTP/2 enviadas a Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M5, versiones 9.0.0.M1 hasta 9.0.35 y versiones 8.5.0 hasta 8.5.55, podría desencadenar un ... • https://github.com/rusakovichma/tomcat-embed-core-9.0.31-CVE-2020-11996 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 93%CPEs: 77EXPL: 19CVE-2020-9484 – tomcat: deserialization flaw in session persistence storage leading to RCE
https://notcve.org/view.php?id=CVE-2020-9484
20 May 2020 — When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d)... • https://packetstorm.news/files/id/157924 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 19%CPEs: 38EXPL: 2CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
21 Apr 2020 — Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL ver... • https://packetstorm.news/files/id/157527 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 97%CPEs: 38EXPL: 38CVE-2020-1938 – Apache Tomcat Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2020-1938
24 Feb 2020 — When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected... • https://packetstorm.news/files/id/180825 • CWE-285: Improper Authorization •
CVSS: 5.8EPSS: 0%CPEs: 25EXPL: 0CVE-2019-17569 – tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling
https://notcve.org/view.php?id=CVE-2019-17569
24 Feb 2020 — The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. La refactorización presente en Apache Tomcat versiones 9.0.28 ha... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2019-17563 – tomcat: Session fixation when using FORM authentication
https://notcve.org/view.php?id=CVE-2019-17563
23 Dec 2019 — When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Cuando se usa la autenticación FORM con Apache Tomcat 9.0.0.M1 hasta 9.0.29, 8.5.0 hasta 8.5.49 y 7.0.0 hasta 7.0.98, había una ventana estrecha donde un atacan... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 93%CPEs: 28EXPL: 3CVE-2019-17571 – log4j: deserialization of untrusted data in SocketServer
https://notcve.org/view.php?id=CVE-2019-17571
20 Dec 2019 — Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Incluido en Log4j versión 1.2 existe una clase SocketServer que es vulnerable a la deserialización de datos no confiables, que pueden ser explotada para ejecutar código arbitrario remotamente cuando... • https://github.com/shadow-horse/CVE-2019-17571 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 1%CPEs: 18EXPL: 0CVE-2019-1551 – rsaz_512_sqr overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2019-1551
06 Dec 2019 — There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •