Skip to main content
CVE-2015-5346 HIGH PATCH Act Now

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 36.2%.

Tomcat Information Disclosure Java Apache Ubuntu Linux +1
NVD
CVSS 3.0
8.1
EPSS
36.2%
CVE-2015-5345 MEDIUM PATCH This Month

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3%.

Path Traversal Tomcat Apache Debian Linux Ubuntu Linux
NVD
CVSS 3.0
5.3
EPSS
43.3%
CVE-2016-0714 HIGH PATCH Act Now

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.2%.

Tomcat RCE Privilege Escalation Apache Debian Linux +1
NVD
CVSS 3.0
8.8
EPSS
13.2%
CVE-2015-5351 HIGH PATCH This Week

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Tomcat CSRF Apache Debian Linux Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2016-0763 MEDIUM PATCH This Month

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Denial Of Service Java Privilege Escalation Apache +2
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2015-5174 MEDIUM PATCH This Month

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tomcat Java Apache Debian Linux +1
NVD
CVSS 3.0
4.3
EPSS
3.7%
CVE-2016-0706 MEDIUM PATCH This Month

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Information Disclosure Apache Ubuntu Linux Debian Linux
NVD
CVSS 3.0
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy