The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Tomcat

computer weakness announce CVE-2018-8014

Apache Tomcat: privilege escalation via CORS Filter SupportsCredentials All Origins

Synthesis of the vulnerability

An attacker can bypass restrictions via CORS Filter SupportsCredentials All Origins of Apache Tomcat, in order to escalate his privileges.
Severity: 2/4.
Creation date: 17/05/2018.
Identifiers: bulletinjul2018, CVE-2018-8014, DLA-1400-1, DLA-1400-2, DLA-1883-1, FEDORA-2018-b1832101b8, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2018:2469-01, RHSA-2018:2470-01, RHSA-2019:0450-01, RHSA-2019:0451-01, RHSA-2019:1529-01, RHSA-2019:2205-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, USN-3665-1, VIGILANCE-VUL-26154.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via CORS Filter SupportsCredentials All Origins of Apache Tomcat, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 25883

Tomcat: Cross Site Scripting via Manager Application IE

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Manager Application IE of Tomcat, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 17/04/2018.
Identifiers: VIGILANCE-VUL-25883.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Tomcat product offers a web service.

However, it does not filter received data via Manager Application IE before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Manager Application IE of Tomcat, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

security announce CVE-2017-15706

Apache Tomcat: code execution via Documented CGI Search Algorithm

Synthesis of the vulnerability

An attacker can use a vulnerability via Documented CGI Search Algorithm of Apache Tomcat, in order to run code.
Severity: 1/4.
Creation date: 30/03/2018.
Identifiers: bulletinapr2018, CVE-2017-15706, openSUSE-SU-2018:0852-1, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, USN-3665-1, VIGILANCE-VUL-25725.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Documented CGI Search Algorithm of Apache Tomcat, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2018-1323

Apache Tomcat JK ISAPI Connector: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Apache Tomcat JK ISAPI Connector, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 12/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1323, VIGILANCE-VUL-25528.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories of Apache Tomcat JK ISAPI Connector, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2018-1304 CVE-2018-1305

Apache Tomcat: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Apache Tomcat, in order to escalate his privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/02/2018.
Identifiers: bulletinapr2018, cpuapr2019, cpujul2019, cpuoct2018, CVE-2018-1304, CVE-2018-1305, DLA-1301-1, DLA-1400-1, DLA-1400-2, DLA-1450-1, DSA-4281-1, FEDORA-2018-50f0da5d38, FEDORA-2018-a233dae4ab, ibm10719117, openSUSE-SU-2018:0852-1, RHSA-2018:0465-01, RHSA-2018:0466-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2019:2205-01, SUSE-SU-2018:1847-1, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, USN-3665-1, VIGILANCE-VUL-25358.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions of Apache Tomcat, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2017-12617

Apache Tomcat: code execution via Read-write Default/WebDAV Servlet

Synthesis of the vulnerability

An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.
Severity: 3/4.
Creation date: 20/09/2017.
Identifiers: 504539, 61542, CERTFR-2017-AVI-332, cpuapr2018, cpuapr2019, cpujan2018, cpujul2018, CVE-2017-12617, DLA-1166-1, DLA-1166-2, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, openSUSE-SU-2017:3069-1, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3665-1, VIGILANCE-VUL-23883.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.
Full Vigil@nce bulletin... (Free trial)

security weakness CVE-2017-12615

Apache Tomcat: code execution via HTTP PUT JSP File

Synthesis of the vulnerability

An attacker can use a vulnerability via HTTP PUT JSP File of Apache Tomcat, in order to run code.
Severity: 3/4.
Creation date: 19/09/2017.
Identifiers: 504539, CERTFR-2017-AVI-314, CVE-2017-12615, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3059-1, Synology-SA-17:54, VIGILANCE-VUL-23872.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via HTTP PUT JSP File of Apache Tomcat, in order to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability CVE-2017-12616

Apache Tomcat: information disclosure via VirtualDirContext JSP Source Code

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via VirtualDirContext of Apache Tomcat, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/09/2017.
Identifiers: 504539, CERTFR-2017-AVI-314, CVE-2017-12616, DLA-1108-1, DLA-1400-1, DLA-1400-2, ESA-2017-097, RHSA-2018:0465-01, RHSA-2018:0466-01, SUSE-SU-2017:3059-1, Synology-SA-17:54, USN-3665-1, VIGILANCE-VUL-23871.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via VirtualDirContext of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2017-7675

Apache Tomcat: directory traversal via HTTP/2

Synthesis of the vulnerability

An attacker can traverse directories via HTTP/2 of Apache Tomcat, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 11/08/2017.
Identifiers: bulletinoct2017, CVE-2017-7675, DSA-3974-1, VIGILANCE-VUL-23501.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories via HTTP/2 of Apache Tomcat, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-7674

Apache Tomcat: information disclosure via Cache Poisoning

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 11/08/2017.
Identifiers: bulletinoct2017, cpuapr2018, CVE-2017-7674, DLA-1400-1, DLA-1400-2, DSA-3974-1, FEDORA-2017-a00a087fd4, FEDORA-2017-ab0def38cd, HPESBUX03828, openSUSE-SU-2017:3069-1, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3519-1, VIGILANCE-VUL-23500.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Tomcat: