The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Tomcat

Apache Tomcat: Cross Site Scripting via SSI printenv
An attacker can trigger a Cross Site Scripting via SSI printenv of Apache Tomcat, in order to run JavaScript code in the context of the web site...
bulletinjul2019, cpujan2020, CVE-2019-0221, DLA-1810-1, DLA-1883-1, DSA-4596-1, FEDORA-2019-1a3f878d27, FEDORA-2019-d66febb5df, HPESBUX04015, openSUSE-SU-2019:1673-1, openSUSE-SU-2019:1808-1, SUSE-SU-2019:1693-1, SUSE-SU-2019:1866-1, SUSE-SU-2019:1895-1, USN-4128-1, USN-4128-2, VIGILANCE-VUL-29350
Apache Tomcat: code execution via Windows enableCmdLineArguments
An attacker can use a vulnerability via Windows enableCmdLineArguments of Apache Tomcat, in order to run code...
CERTFR-2019-AVI-170, cpujan2020, CVE-2019-0232, HPESBUX04015, Synology-SA-19:17, VIGILANCE-VUL-28999
Apache Tomcat: denial of service via HTTP/2 Frames
An attacker can trigger a fatal error via HTTP/2 Frames of Apache Tomcat, in order to trigger a denial of service...
bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-251, cpujan2020, CVE-2019-0199, DSA-4596-1, FEDORA-2019-1a3f878d27, FEDORA-2019-d66febb5df, ibm10886317, openSUSE-SU-2019:1673-1, openSUSE-SU-2019:1723-1, openSUSE-SU-2019:1808-1, SUSE-SU-2019:1693-1, SUSE-SU-2019:1825-1, SUSE-SU-2019:1866-1, SUSE-SU-2019:1895-1, VIGILANCE-VUL-28842
Apache Tomcat JK mod_jk: information disclosure via Reverse Proxy
An attacker can bypass access restrictions to data via Reverse Proxy of Apache Tomcat JK mod_jk, in order to obtain sensitive information...
bulletinjan2019, CVE-2018-11759, DLA-1609-1, DSA-4357-1, openSUSE-SU-2018:4032-1, SUSE-SU-2018:3963-1, SUSE-SU-2018:3963-2, SUSE-SU-2018:3969-1, SUSE-SU-2018:3970-1, VIGILANCE-VUL-27665
Apache Tomcat: open redirect via Directory Redirect
An attacker can deceive the user via Directory Redirect of Apache Tomcat, in order to redirect him to a malicious site...
bulletinoct2018, CERTFR-2020-AVI-278, cpuapr2019, cpuapr2020, cpujan2020, cpuoct2019, CVE-2018-11784, DLA-1544-1, DLA-1545-1, DSA-4596-1, FEDORA-2018-b18f9dd65b, FEDORA-2018-b89746cb9b, HPESBUX04015, ibm10874888, NTAP-20181014-0002, openSUSE-SU-2018:3453-1, openSUSE-SU-2018:4042-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0485-01, RHSA-2019:1529-01, SB10257, SB10264, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SUSE-SU-2018:3393-1, SUSE-SU-2018:3935-1, SUSE-SU-2018:3968-1, SYMSA1765, USN-3787-1, VIGILANCE-VUL-27396
Apache Tomcat: Man-in-the-Middle via WebSocket Client
An attacker can act as a Man-in-the-Middle via WebSocket Client on Apache Tomcat, in order to read or write data in the session...
CERTFR-2018-AVI-584, cpuoct2019, CVE-2018-8034, DLA-1453-1, DLA-1491-1, DSA-4281-1, FEDORA-2018-b1832101b8, HPESBUX04015, ibm10742719, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0450-01, RHSA-2019:0451-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, RHSA-2019:1529-01, RHSA-2019:2205-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SYMSA1463, USN-3723-1, VIGILANCE-VUL-26817
Apache Tomcat: information disclosure via User Sessions Reuse
An attacker can bypass access restrictions to data via User Sessions Reuse of Apache Tomcat, in order to obtain sensitive information...
CERTFR-2018-AVI-356, CERTFR-2018-AVI-584, CVE-2018-8037, DSA-4281-1, FEDORA-2018-b1832101b8, ibm10742719, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2018:2867-01, RHSA-2018:2868-01, RHSA-2019:1529-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3388-1, VIGILANCE-VUL-26816
Apache Tomcat: infinite loop via UTF-8 Decoder
An attacker can generate an infinite loop via UTF-8 Decoder of Apache Tomcat, in order to trigger a denial of service...
CERTFR-2018-AVI-356, CVE-2018-1336, DLA-1491-1, DSA-4281-1, HPESBUX04015, JSA10993, K73008537, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2018:2700-01, RHSA-2018:2701-01, RHSA-2018:2740-01, RHSA-2018:2741-01, RHSA-2018:2742-01, RHSA-2018:2743-01, RHSA-2018:2921-01, RHSA-2018:2930-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SYMSA1463, USN-3723-1, VIGILANCE-VUL-26815
Apache Tomcat: privilege escalation via CORS Filter SupportsCredentials All Origins
An attacker can bypass restrictions via CORS Filter SupportsCredentials All Origins of Apache Tomcat, in order to escalate his privileges...
bulletinjul2018, CVE-2018-8014, DLA-1400-1, DLA-1400-2, DLA-1883-1, DSA-4596-1, FEDORA-2018-b1832101b8, HPESBUX04015, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2018:2469-01, RHSA-2018:2470-01, RHSA-2019:0450-01, RHSA-2019:0451-01, RHSA-2019:1529-01, RHSA-2019:2205-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, USN-3665-1, VIGILANCE-VUL-26154
Tomcat: Cross Site Scripting via Manager Application IE
An attacker can trigger a Cross Site Scripting via Manager Application IE of Tomcat, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-25883