Skip to main content
CVE-2015-5345 MEDIUM PATCH This Month

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3%.

Path Traversal Tomcat Apache Debian Linux Ubuntu Linux
NVD
CVSS 3.0
5.3
EPSS
43.3%
CVE-2016-0763 MEDIUM PATCH This Month

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Denial Of Service Java Privilege Escalation Apache +2
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2015-5174 MEDIUM PATCH This Month

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tomcat Java Apache Debian Linux +1
NVD
CVSS 3.0
4.3
EPSS
3.7%
CVE-2016-0706 MEDIUM PATCH This Month

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Information Disclosure Apache Ubuntu Linux Debian Linux
NVD
CVSS 3.0
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy