Skip to main content
CVE-2015-5346 HIGH PATCH Act Now

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 36.2%.

Tomcat Information Disclosure Java Apache Ubuntu Linux +1
NVD
CVSS 3.0
8.1
EPSS
36.2%
CVE-2016-0714 HIGH PATCH Act Now

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.2%.

Tomcat RCE Privilege Escalation Apache Debian Linux +1
NVD
CVSS 3.0
8.8
EPSS
13.2%
CVE-2015-5351 HIGH PATCH This Week

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Tomcat CSRF Apache Debian Linux Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy