| CVE-2023-42795 |
medium |
— |
5.5 |
|
|
|
2y ago |
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0… |
| CVE-2023-42794 |
medium |
— |
5.5 |
|
|
|
2y ago |
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in pro… |
| CVE-2023-28709 |
medium |
— |
5.5 |
|
|
|
3y ago |
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used suc… |
| CVE-2023-24998 |
medium |
— |
5.5 |
|
|
|
3y ago |
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploa… |
| CVE-2020-17527 |
medium |
— |
5.5 |
|
|
|
4y ago |
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream re… |
| CVE-2014-0095 |
medium |
— |
5.0 |
|
|
|
12y ago |
Denial of service in Apache Tomcat |
| CVE-2014-0075 |
medium |
— |
5.0 |
|
|
|
12y ago |
Integer Overflow or Wraparound in Apache Tomcat |
| CVE-2026-32990 |
unknown |
— |
— |
|
|
|
2mo ago |
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, fro… |
| CVE-2026-24734 |
unknown |
— |
— |
|
|
|
4mo ago |
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verific… |
| CVE-2024-52317 |
unknown |
— |
— |
|
|
|
2y ago |
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between us… |
| CVE-2024-21733 |
unknown |
— |
— |
|
|
|
2y ago |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL vers… |
| CVE-2023-34981 |
unknown |
— |
— |
|
|
|
3y ago |
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for th… |
| CVE-2022-42252 |
unknown |
— |
— |
|
|
|
4y ago |
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default f… |
| CVE-2020-13943 |
unknown |
— |
— |
|
|
|
4y ago |
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation o… |
