| CVE-2023-44487 |
high |
7.5 |
10.0 |
|
|
|
3y ago |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2025-24813 |
medium |
— |
8.0 |
|
|
|
1y ago |
Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request. |
| CVE-2020-1938 |
medium |
— |
8.0 |
|
|
|
6y ago |
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit… |
| CVE-2017-12617 |
unknown |
— |
2.5 |
|
|
|
4y ago |
When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the serv… |
| CVE-2017-12615 |
unknown |
— |
2.5 |
|
|
|
8y ago |
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it conta… |
