The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Apache Tomcat

Apache Tomcat: information disclosure via HTTP/2 Concurrent Streams Request Mix-up
An attacker can bypass access restrictions to data via HTTP/2 Concurrent Streams Request Mix-up of Apache Tomcat, in order to obtain sensitive information...
CVE-2020-13943, DLA-2407-1, DSA-2021-001, openSUSE-SU-2020:1799-1, openSUSE-SU-2020:1842-1, SUSE-SU-2020:2996-1, SUSE-SU-2020:3068-1, SUSE-SU-2020:3069-1, VIGILANCE-VUL-33544
Apache Tomcat: overload via WebSocket
An attacker can trigger an overload via WebSocket of Apache Tomcat, in order to trigger a denial of service...
6344075, bulletinjul2020, CERTFR-2020-AVI-626, cpujan2021, cpuoct2020, CVE-2020-13935, DLA-2286-1, DSA-2020-211, DSA-4627-1, HPESBUX04015, openSUSE-SU-2020:1102-1, openSUSE-SU-2020:1111-1, RHSA-2020:3382-01, RHSA-2020:3383-01, RHSA-2020:4004-01, SB10332, SUSE-SU-2020:2037-1, SUSE-SU-2020:2045-1, SUSE-SU-2020:2046-1, SUSE-SU-2020:2047-1, SUSE-SU-2020:2611-1, USN-4448-1, USN-4596-1, VIGILANCE-VUL-32793
Apache Tomcat: denial of service via HTTP/2
An attacker can trigger a fatal error via HTTP/2 of Apache Tomcat, in order to trigger a denial of service...
6344075, bulletinjul2020, CERTFR-2020-AVI-626, cpujan2021, cpuoct2020, CVE-2020-13934, DLA-2286-1, DSA-2020-211, DSA-4627-1, openSUSE-SU-2020:1102-1, openSUSE-SU-2020:1111-1, SUSE-SU-2020:2037-1, SUSE-SU-2020:2045-1, SUSE-SU-2020:2046-1, SUSE-SU-2020:2047-1, USN-4596-1, VIGILANCE-VUL-32792
Apache Tomcat: code execution via Enabled AJP Connector
An attacker can use a vulnerability via Enabled AJP Connector of Apache Tomcat, in order to run code...
bulletinapr2020, CERTFR-2020-AVI-112, cpujul2020, CVE-2020-1938, DLA-2133-1, DLA-2209-1, DSA-4673-1, DSA-4680-1, FEDORA-2020-04ac174fa9, FEDORA-2020-c870aa8378, HPESBUX04015, openSUSE-SU-2020:0345-1, openSUSE-SU-2020:0597-1, RHSA-2020:0855-01, RHSA-2020:0912-01, RHSA-2020:1478-01, RHSA-2020:1479-01, RHSA-2020:2779-01, RHSA-2020:2780-01, RHSA-2020:2781-01, RHSA-2020:2783-01, RHSA-2020:2840-01, SUSE-SU-2020:0598-1, SUSE-SU-2020:0631-1, SUSE-SU-2020:0632-1, SUSE-SU-2020:0725-1, SUSE-SU-2020:1111-1, SUSE-SU-2020:1126-1, SUSE-SU-2020:1272-1, SUSE-SU-2020:14342-1, VIGILANCE-VUL-31664
Apache Tomcat: information disclosure via Reverse Proxy Transfer-Encoding End-of-line HTTP Request Smuggling
An attacker can bypass access restrictions to data via Reverse Proxy Transfer-Encoding End-of-line HTTP Request Smuggling of Apache Tomcat, in order to obtain sensitive information...
bulletinapr2020, cpujul2020, CVE-2020-1935, DLA-2133-1, DLA-2209-1, DSA-4673-1, DSA-4680-1, HPESBUX04015, openSUSE-SU-2020:0345-1, RHSA-2020:5020-01, SUSE-SU-2020:0598-1, SUSE-SU-2020:0631-1, SUSE-SU-2020:0632-1, SUSE-SU-2020:2611-1, USN-4448-1, VIGILANCE-VUL-31663
Apache Tomcat: information disclosure via Reverse Proxy Transfer-Encoding Header HTTP Request Smuggling
An attacker can bypass access restrictions to data via Reverse Proxy Transfer-Encoding Header HTTP Request Smuggling of Apache Tomcat, in order to obtain sensitive information...
bulletinapr2020, cpujul2020, CVE-2019-17569, DLA-2133-1, DSA-4673-1, DSA-4680-1, HPESBUX04015, openSUSE-SU-2020:0345-1, SUSE-SU-2020:0598-1, SUSE-SU-2020:0631-1, SUSE-SU-2020:0632-1, VIGILANCE-VUL-31662
Apache Tomcat: privilege escalation via FORM authentication session fixation
An attacker can bypass restrictions via FORM authentication session fixation of Apache Tomcat, in order to escalate his privileges...
CERTFR-2019-AVI-643, cpuapr2020, CVE-2019-17563, DLA-2077-1, DLA-2209-1, DSA-4596-1, DSA-4680-1, HPESBUX04015, K24551552, openSUSE-SU-2020:0038-1, RHSA-2020:4004-01, SUSE-SU-2020:0029-1, SUSE-SU-2020:0226-1, SUSE-SU-2020:0632-1, USN-4251-1, VIGILANCE-VUL-31188
Apache Tomcat: privilege escalation via JMX Remote Lifecycle Listener
An attacker can bypass restrictions via JMX Remote Lifecycle Listener of Apache Tomcat, in order to escalate his privileges...
CERTFR-2019-AVI-643, cpuapr2020, CVE-2019-12418, DLA-2077-1, DLA-2155-1, DSA-4596-1, DSA-4680-1, HPESBUX04015, openSUSE-SU-2020:0038-1, SUSE-SU-2020:0029-1, SUSE-SU-2020:0226-1, SUSE-SU-2020:0632-1, USN-4251-1, VIGILANCE-VUL-31187
Apache Tomcat: denial of service via HTTP/2 WINDOW_UPDATE
An attacker can trigger a fatal error via HTTP/2 WINDOW_UPDATE of Apache Tomcat, in order to trigger a denial of service...
bulletinjul2019, CERTFR-2019-AVI-290, cpuapr2020, cpujan2020, CVE-2019-10072, DSA-2019-154, DSA-4680-1, ibm10967625, openSUSE-SU-2020:0038-1, SUSE-SU-2019:1866-1, SUSE-SU-2020:0029-1, SUSE-SU-2020:0226-1, SUSE-SU-2020:0632-1, USN-4128-1, USN-4128-2, VIGILANCE-VUL-29586, ZDI-19-582
Apache Tomcat: Cross Site Scripting via SSI printenv
An attacker can trigger a Cross Site Scripting via SSI printenv of Apache Tomcat, in order to run JavaScript code in the context of the web site...
bulletinjul2019, cpujan2020, CVE-2019-0221, DLA-1810-1, DLA-1883-1, DSA-4596-1, FEDORA-2019-1a3f878d27, FEDORA-2019-d66febb5df, HPESBUX04015, openSUSE-SU-2019:1673-1, openSUSE-SU-2019:1808-1, SUSE-SU-2019:1693-1, SUSE-SU-2019:1866-1, SUSE-SU-2019:1895-1, USN-4128-1, USN-4128-2, VIGILANCE-VUL-29350
Our database contains other pages. You can request a free trial to read them.

Display information about Apache Tomcat: