cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-56337,https://securityvulnerability.io/vulnerability/CVE-2024-56337,Race Condition Vulnerability in Apache Tomcat Affects Multiple Versions,"CVE-2024-56337 is a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability affecting Apache Tomcat across several versions. The vulnerability arises when Tomcat is run on a case-insensitive file system with the default servlet write capability enabled. Users may be exposed if they do not properly configure their systems, as the initial workaround for CVE-2024-50379 was insufficient. Specifically, additional configuration is vital for systems utilizing Java 8 or Java 11, where the system property 'sun.io.useCanonCaches' needs to be set to false. For Java 17, the same property, if originally set, must also be false, while Tomcat versions 11.0.3, 10.1.35, and 9.0.99 and higher will check this setting before allowing default servlet write access on case-insensitive file systems, automatically applying the appropriate configuration where applicable.",Apache,Apache Tomcat,9.8,CRITICAL,0.0004299999854993075,false,true,false,false,,true,true,2024-12-20T16:15:00.000Z,6396
CVE-2024-50379,https://securityvulnerability.io/vulnerability/CVE-2024-50379,Race Condition Vulnerability in Apache Tomcat Leading to Remote Code Execution,"The vulnerability allows an attacker to potentially execute arbitrary code on systems running Apache Tomcat, specifically when the default servlet is enabled for write access and the system is utilizing a case-insensitive file system. This occurs due to a timing issue during JSP compilation, which results in a time-of-check time-of-use (TOCTOU) race condition. The affected versions include Apache Tomcat from 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33, and 9.0.0.M1 to 9.0.97. To mitigate this vulnerability, it is crucial for users to upgrade to the patched versions: 11.0.2, 10.1.34, or 9.0.98.",Apache,Apache Tomcat,9.8,CRITICAL,0.0004299999854993075,false,true,false,true,true,true,true,2024-12-17T13:15:00.000Z,9063
CVE-2024-52316,https://securityvulnerability.io/vulnerability/CVE-2024-52316,Unchecked Error Condition Vulnerability Affects Apache Tomcat,"Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",Apache,Apache Tomcat,,,0.0004299999854993075,false,false,false,true,true,false,false,2024-11-18T12:15:00.000Z,0
CVE-2024-38286,https://securityvulnerability.io/vulnerability/CVE-2024-38286,Allocation of Resources Without Limits or Throttling Vulnerability Affects Multiple Apache Tomcat Versions,"A resource allocation vulnerability exists in Apache Tomcat, allowing attackers to exploit the TLS handshake process. This exploitation can lead to an OutOfMemoryError under specific configurations on any platform, potentially affecting the availability of the application. The issue impacts several versions of Apache Tomcat, prompting users to update to secure versions 11.0.0-M21, 10.1.25, or 9.0.90 to mitigate this risk. Older, unsupported versions of the software may also be vulnerable.",Apache,Apache Tomcat,8.6,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T07:37:32.224Z,0
CVE-2024-34750,https://securityvulnerability.io/vulnerability/CVE-2024-34750,"Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption Vulnerability Affects Apache Tomcat","The vulnerability CVE-2024-34750 affects Apache Tomcat, an open-source server, and can be exploited to overload the server's computing resources, leading to a Denial of Service (DoS) attack. The vulnerability affects various versions of Apache Tomcat, and it was discovered directly by the Tomcat security team. The issue stems from improper handling of HTTP/2 streams, resulting in an incorrect infinite timeout, which allows connections to remain open when they should have been closed. The impact of this vulnerability can be severe, causing service slowdowns or outages. It is recommended to update Tomcat to the patched versions to mitigate the risk. There is a high urgency in addressing this vulnerability due to its potential impact on service availability.",Apache,Apache Tomcat,,,0.0004299999854993075,false,true,false,true,,false,false,2024-07-03T20:15:00.000Z,0
CVE-2024-23672,https://securityvulnerability.io/vulnerability/CVE-2024-23672,Incomplete Cleanup Vulnerability in Apache Tomcat Could Lead to Denial of Service,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.",Apache,Apache Tomcat,,,0.0004400000034365803,false,false,false,false,,false,false,2024-03-13T15:48:42.610Z,0
CVE-2024-24549,https://securityvulnerability.io/vulnerability/CVE-2024-24549,Apache Tomcat Denial of Service Vulnerability Affects Multiple Versions,"Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.",Apache,Apache Tomcat,,,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-13T15:46:53.085Z,0
CVE-2024-21733,https://securityvulnerability.io/vulnerability/CVE-2024-21733,Apache Tomcat Vulnerability: Generation of Error Message Containing Sensitive Information,"A vulnerability has been identified in Apache Tomcat that allows for the generation of error messages containing sensitive information. This susceptibility affects versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 of Apache Tomcat. It can potentially expose critical information that may assist an attacker in further compromising the system. Users are advised to upgrade to versions 8.5.64 or later, or 9.0.44 or later, which implement the necessary security fixes to mitigate this issue.",Apache,Apache Tomcat,5.3,MEDIUM,0.004879999905824661,false,true,false,true,true,true,false,2024-01-19T10:29:04.694Z,5574
CVE-2023-46589,https://securityvulnerability.io/vulnerability/CVE-2023-46589,Apache Tomcat: HTTP request smuggling via malformed trailer headers,"An improper input validation vulnerability has been identified in Apache Tomcat, affecting several versions. This flaw arises from incorrect parsing of HTTP trailer headers, which can allow a single request to be misinterpreted as multiple requests. As a result, this can lead to potential request smuggling issues when the server is situated behind a reverse proxy. It is crucial for users to update to the fixed versions (11.0.0-M11 and onwards, 10.1.16 and onwards, 9.0.83 and onwards, or 8.5.96 and onwards) to mitigate this risk.",Apache,Apache Tomcat,7.5,HIGH,0.005960000213235617,false,false,false,false,,false,false,2023-11-28T16:15:00.000Z,0
CVE-2023-45648,https://securityvulnerability.io/vulnerability/CVE-2023-45648,Tomcat vulnerable to Improper Input Validation attack,"Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",Apache,Apache Tomcat,5.3,MEDIUM,0.004470000043511391,false,false,false,false,,false,false,2023-10-10T19:15:00.000Z,0
CVE-2023-42795,https://securityvulnerability.io/vulnerability/CVE-2023-42795,Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests,"Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.",Apache,Apache Tomcat,5.3,MEDIUM,0.014329999685287476,false,false,false,false,,false,false,2023-10-10T18:15:00.000Z,0
CVE-2023-42794,https://securityvulnerability.io/vulnerability/CVE-2023-42794,Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows,"An incomplete cleanup vulnerability in the internal fork of Commons FileUpload within Apache Tomcat affects versions 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93. If a web application opens a stream for an uploaded file without closing it, the associated file remains on disk, potentially leading to a denial-of-service condition when disk space is exhausted. Users are advised to upgrade to Apache Tomcat versions 9.0.81 or 8.5.94 to mitigate this issue.",Apache,Apache Tomcat,7.5,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2023-10-10T18:15:00.000Z,0
CVE-2023-41081,https://securityvulnerability.io/vulnerability/CVE-2023-41081,Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request,"The mod_jk component of Apache Tomcat Connectors allows for an authentication bypass under specific configuration conditions. If 'JkOptions +ForwardDirectories' is used without providing explicit mounts for all proxied requests, mod_jk defaults to an implicit mapping. This can inadvertently expose the status worker and compromise security constraints set in Apache HTTP Server. Users are advised to upgrade to mod_jk version 1.2.49 or later, where the problematic implicit mapping functionality has been eliminated, ensuring all mappings require explicit configuration.",Apache,Apache Tomcat Connectors,7.5,HIGH,0.002300000051036477,false,false,false,false,,false,false,2023-09-13T10:15:00.000Z,0
CVE-2023-41080,https://securityvulnerability.io/vulnerability/CVE-2023-41080,Apache Tomcat: Open redirect with FORM authentication,"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.",Apache,Apache Tomcat,6.1,MEDIUM,0.0038300000596791506,false,false,false,true,true,false,false,2023-08-25T21:15:00.000Z,0
CVE-2023-34981,https://securityvulnerability.io/vulnerability/CVE-2023-34981,Apache Tomcat: AJP response header mix-up,"A regression in the security fix for a previous bug within Apache Tomcat has introduced a vulnerability that can lead to information disclosure. Specifically, when the response lacks HTTP headers, the AJP SEND_HEADERS message is not sent. This omission allows at least one AJP proxy (mod_proxy_ajp) to unintentionally reuse the response headers from prior requests. This misbehavior could result in sensitive information being exposed, compromising the server's overall security.",Apache,Apache Tomcat,7.5,HIGH,0.001979999942705035,false,false,false,false,,false,false,2023-06-21T11:15:00.000Z,0
CVE-2023-28709,https://securityvulnerability.io/vulnerability/CVE-2023-28709,Apache Tomcat: Fix for CVE-2023-24998 is incomplete,"The vulnerability arises due to an incomplete fix for a prior issue in Apache Tomcat, affecting certain versions where custom HTTP connector settings have been configured. This flaw allows attackers to bypass the limit on the maximum number of request parameters, permitting them to circumvent the restrictions imposed on uploaded request parts. An attacker could utilize this behavior to potentially launch a denial of service attack by submitting crafted requests that exceed the intended parameter limits, leading to service disruption.",Apache,Apache Tomcat,7.5,HIGH,0.016699999570846558,false,false,false,false,,false,false,2023-05-22T11:15:00.000Z,0
CVE-2023-28708,https://securityvulnerability.io/vulnerability/CVE-2023-28708,Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations,"When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.",Apache,Apache Tomcat,4.3,MEDIUM,0.0013299999991431832,false,false,false,false,,false,false,2023-03-22T11:15:00.000Z,0
CVE-2023-24998,https://securityvulnerability.io/vulnerability/CVE-2023-24998,"Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts","Apache Commons FileUpload before version 1.5 is susceptible to a Denial of Service attack due to its failure to restrict the number of parts processed in a request. This oversight allows an attacker to exploit the system by making malicious uploads or sending a series of uploads, potentially overwhelming the application. Additionally, the new configuration option, FileUploadBase#setFileCountMax, which addresses this issue by limiting the number of request parts, is not enabled by default and requires explicit configuration to safeguard against these attacks.",Apache,"Apache Commons Fileupload,Apache Tomcat",7.5,HIGH,0.016019999980926514,false,false,false,true,true,false,false,2023-02-20T16:15:00.000Z,0
CVE-2022-45143,https://securityvulnerability.io/vulnerability/CVE-2022-45143,Apache Tomcat: JsonErrorReportValve escaping,"The JsonErrorReportValve in Apache Tomcat versions 8.5.83, 9.0.40 to 9.0.68, and 10.1.0-M1 to 10.1.1 exposes a vulnerability due to improper handling of user-provided data. Specifically, the valve fails to escape values for the type, message, or description, allowing attackers to manipulate the JSON output. This flaw could potentially be exploited to compromise the integrity of the application by injecting malicious data, changing how information is rendered in the JSON response.",Apache,Apache Tomcat,7.5,HIGH,0.002749999985098839,false,false,false,false,,false,false,2023-01-03T18:12:28.351Z,0
CVE-2022-42252,https://securityvulnerability.io/vulnerability/CVE-2022-42252,Apache Tomcat request smuggling via malformed content-length,"If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header, making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",Apache,Apache Tomcat,7.5,HIGH,0.002400000113993883,false,false,false,false,,false,false,2022-11-01T00:00:00.000Z,0
CVE-2021-43980,https://securityvulnerability.io/vulnerability/CVE-2021-43980,Apache Tomcat: Information disclosure,"The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance, resulting in responses, or partial responses, being received by the wrong client.",Apache,Apache Tomcat,3.7,LOW,0.0014900000533089042,false,false,false,false,,false,false,2022-09-28T00:00:00.000Z,0
CVE-2022-34305,https://securityvulnerability.io/vulnerability/CVE-2022-34305,XSS in examples web application,"In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.",Apache,Apache Tomcat,6.1,MEDIUM,0.0015399999683722854,false,false,false,false,,false,false,2022-06-23T10:30:16.000Z,0
CVE-2022-25762,https://securityvulnerability.io/vulnerability/CVE-2022-25762,Response mix-up with WebSocket concurrent send and close,"If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong user and/or other errors.",Apache,Apache Tomcat,8.6,HIGH,0.00215000007301569,false,false,false,false,,false,false,2022-05-13T07:50:09.000Z,0
CVE-2022-29885,https://securityvulnerability.io/vulnerability/CVE-2022-29885,EncryptInterceptor does not provide complete protection on insecure networks,"The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated that it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over an untrusted network, particularly DoS risks.",Apache,Apache Tomcat,7.5,HIGH,0.07018999755382538,false,false,false,true,true,false,false,2022-05-12T00:00:00.000Z,0
CVE-2022-23181,https://securityvulnerability.io/vulnerability/CVE-2022-23181,Local privilege escalation with FileStore,"The fix for bug CVE-2020-9484 introduced a time-of-check, time-of-use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",Apache,Apache Tomcat,7,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2022-01-27T00:00:00.000Z,0