CVSS: 7.5EPSS: 12%CPEs: 48EXPL: 0CVE-2018-8034 – tomcat: Host name verification missing in WebSocket client
https://notcve.org/view.php?id=CVE-2018-8034
25 Jul 2018 — The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. No hay verificación del nombre del host al emplear TLS con el cliente WebSocket. Ahora está habilitado por defecto. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 12%CPEs: 48EXPL: 0CVE-2018-1336 – tomcat: A bug in the UTF-8 decoder can lead to DoS
https://notcve.org/view.php?id=CVE-2018-1336
25 Jul 2018 — An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. Una gestión incorrecta del desbordamiento en el decodificador UTF-8 con caracteres suplementarios puede conducir a un bucle infinito en el decodificador, provocando una denegación de servicio (DoS). Versiones afectadas: Apache Tomcat de la vers... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 53%CPEs: 18EXPL: 0CVE-2018-8014 – tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
https://notcve.org/view.php?id=CVE-2018-8014
16 May 2018 — The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. Las opciones por defecto para el filtro CORS proporcionado en Apache Tomc... • http://tomcat.apache.org/security-7.html • CWE-284: Improper Access Control CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.5EPSS: 3%CPEs: 51EXPL: 2CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
28 Feb 2018 — The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patró... • https://github.com/knqyf263/CVE-2018-1304 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 11%CPEs: 50EXPL: 1CVE-2018-1305 – tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
https://notcve.org/view.php?id=CVE-2018-1305
23 Feb 2018 — Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. Las restricc... • https://github.com/Pa55w0rd/CVE-2018-1305 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 4%CPEs: 13EXPL: 0CVE-2017-15706 – Ubuntu Security Notice USN-3665-1
https://notcve.org/view.php?id=CVE-2017-15706
31 Jan 2018 — As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the docu... • http://www.securityfocus.com/bid/103069 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.1EPSS: 94%CPEs: 175EXPL: 15CVE-2017-12617 – Apache Tomcat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12617
03 Oct 2017 — When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Al ejecutar Apache Tomcat desde la versión 9.0.0.M1 hasta la 9.0.0, desde la 8.5.0 hasta la 8.5.22, desde la 8.0... • https://packetstorm.news/files/id/144557 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 4%CPEs: 123EXPL: 0CVE-2017-7674 – tomcat: Vary header not added by CORS filter leading to cache poisoning
https://notcve.org/view.php?id=CVE-2017-7674
11 Aug 2017 — The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. CORS Filter en Apache Tomcat 9.0.0.M1 a 9.0.0.M21, 8.5.0 a 8.5.15, 8.0.0.RC1 a 8.0.44 y 7.0.41 a 7.0.78 no añadió un encabezado HTTP Vary indicando que la respuesta varía dependiendo de Origin. Esto permitía, en algunas circunstanci... • http://www.debian.org/security/2017/dsa-3974 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 3%CPEs: 37EXPL: 0CVE-2017-7675
https://notcve.org/view.php?id=CVE-2017-7675
11 Aug 2017 — The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. La implementación HTTP/2 en Apache Tomcat en sus versiones 9.0.0.M1 a 9.0.0.M21 y 8.5.0 a 8.5.15 eludía una serie de verificaciones de seguridad que prevenían ataques de salto de directorio. Por lo tanto, era posible eludir restricciones de seguridad emplean... • http://www.debian.org/security/2017/dsa-3974 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2016-6817
https://notcve.org/view.php?id=CVE-2016-6817
10 Aug 2017 — The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. El parser de cabecera HTTP/2 en Apache Tomcat en sus versiones 9.0.0.M1 a 9.0.0.M11 y 8.5.0 a 8.5.6 entraba en un bucle infinito si la cabecera recibida era mayor que el búfer disponible. Esto hizo que fuese posible realizar un ataque de denegación de servicio. • http://www.securityfocus.com/bid/94462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •