from 0, < 9.0.43-2~deb11u12
from 0, < 9.0.43-2~deb11u12
CRITICAL9.8⚠ KEVImproper Privilege Management in Tomcat
from 0, < 9.0.31-1
MEDIUM5.3⚠ KEVnghttp2 - security update
from 0, < 9.0.43-2~deb11u7
CRITICAL9.8Apache Tomcat - HTTP/2 request headers not validated
from 0, < 9.0.70-2
CRITICAL9.8Apache Tomcat - Digest authenticator will authenticate any unknown user
from 0, < 9.0.70-2
CRITICAL9.8Apache Tomcat Rewrite rule bypass
from 0, < 9.0.107-0+deb11u1
CRITICAL9.8Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
from 0, < 9.0.43-2~deb11u11
CRITICAL9.8Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
from 0, < 9.0.43-2~deb11u11
CRITICAL9.8Apache Tomcat - Authentication Bypass
from 0, < 9.0.43-2~deb11u11
CRITICAL9.6Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
from 0, < 9.0.107-0+deb11u2
CRITICAL9.1Apache Tomcat - Security constraints not correctly applied
from 0, < 9.0.70-2
CRITICAL9.1Apache Tomcat: CLIENT_CERT authentication does not fail as expected
from 0, < 9.0.70-2
CRITICAL9.1Apache Tomcat - Client certificate verification bypass
from 0, < 9.0.70-2
HIGH8.6Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
from 0, < 9.0.43-2~deb11u11
HIGH8.6Improper socket reuse in Apache Tomcat
from 0, < 9.0.22-1
HIGH7.5Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat: LockOutRealm treats user names as case-sensitive
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat: Configured cipher preference order not preserved
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat has an Improper Input Validation vulnerability
from 0, < 9.0.70-2
HIGH7.5tomcat9 - security update
from 0, < 9.0.107-0+deb11u2
HIGH7.5tomcat9 - security update
from 0, < 9.0.107-0+deb11u2
HIGH7.5Apache Tomcat Improper Resource Shutdown or Release vulnerability
from 0, < 9.0.70-2
HIGH7.5Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
from 0, < 9.0.107-0+deb11u1
HIGH7.5Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
from 0, < 9.0.107-0+deb11u1
HIGH7.5Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
from 0, < 9.0.107-0+deb11u1
HIGH7.5Apache Tomcat - DoS in multipart upload
from 0, < 9.0.107-0+deb11u1
HIGH7.5Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers
from 0, < 9.0.107-0+deb11u1
HIGH7.5Apache Tomcat - Security constraint bypass for pre/post-resources
from 0, < 9.0.107-0+deb11u1
HIGH7.5Apache Tomcat Denial of Service via invalid HTTP priority header
from 0, < 9.0.107-0+deb11u1
HIGH7.5tomcat10 - security update
from 0, < 9.0.107-0+deb11u1
HIGH7.5tomcat10 - security update
from 0, < 9.0.107-0+deb11u1
HIGH7.5Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
from 0, < 9.0.43-2~deb11u10
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u10
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u10
HIGH7.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u11
HIGH7.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u9
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u7
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u7
HIGH7.5Apache Tomcat improperly escapes input from JsonErrorReportValve
from 0, < 9.0.43-2~deb11u6
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u6
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u6
HIGH7.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u8
HIGH7.5Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
from 0, < 9.0.43-2~deb11u4
HIGH7.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u2
HIGH7.5tomcat9 - security update
from 0, < 9.0.36-1
HIGH7.5tomcat8 - security update
from 0, < 9.0.40-1
HIGH7.5Infinite Loop in Apache Tomcat
from 0, < 9.0.37-1
HIGH7.5tomcat8 - security update
from 0, < 9.0.37-1
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u3
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u3
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u2
HIGH7.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u6
HIGH7.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u4
HIGH7.5tomcat9 - security update
from 0, < 9.0.43-1
HIGH7.5Apache Tomcat Denial of Service vulnerability
from 0, < 9.0.16-1
HIGH7.5tomcat8 - security update
from 0, < 9.0.31-1
HIGH7.5tomcat9 - security update
from 0, < 9.0.22-1
HIGH7.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u1
HIGH7.3Apache Tomcat - WebSocket authentication header exposure
from 0, < 9.0.70-2
HIGH7.3tomcat11 - security update
from 0, < 9.0.107-0+deb11u1
HIGH7.0Race condition in Apache Tomcat
from 0, < 9.0.43-2~deb11u4
HIGH7.0Potential remote code execution in Apache Tomcat
from 0, < 9.0.43-1
HIGH7.0tomcat7 - security update
from 0, < 9.0.35-1
HIGH7.0tomcat8 - security update
from 0, < 9.0.31-1
MEDIUM6.5Apache Tomcat: CLIENT_CERT authentication does not fail as expected
from 0, < 9.0.70-2
MEDIUM6.5Apache Tomcat Session Fixation vulnerability
from 0, < 9.0.70-2
MEDIUM6.5tomcat9 - security update
from 0, < 9.0.31-1~deb10u5
MEDIUM6.5tomcat9 - security update
from 0, < 9.0.43-2~deb11u1
MEDIUM6.3tomcat9 - security update
from 0, < 9.0.43-2~deb11u10
MEDIUM6.3tomcat9 - security update
from 0, < 9.0.31-1~deb10u12
MEDIUM6.1Apache Tomcat has an Open Redirect vulnerability
from 0, < 9.0.70-2
MEDIUM6.1Apache Tomcat Open Redirect vulnerability
from 0, < 9.0.43-2~deb11u7
MEDIUM6.1Cross-site Scripting in Apache Tomcat
from 0, < 9.0.65-1
MEDIUM6.1tomcat7 - security update
from 0, < 9.0.16-4
MEDIUM5.9tomcat8 - security update
from 0, < 9.0.40-1
MEDIUM5.3Apache Tomcat has an Improper Input Validation vulnerability
from 0, < 9.0.70-2
MEDIUM5.3Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
from 0, < 9.0.107-0+deb11u2
MEDIUM5.3Apache Tomcat Uncontrolled Resource Consumption vulnerability
from 0, < 9.0.107-0+deb11u1
MEDIUM5.3tomcat9 - security update
from 0, < 9.0.43-2~deb11u11
MEDIUM5.3tomcat9 - security update
from 0, < 9.0.43-2~deb11u11
MEDIUM5.3Apache Tomcat Improper Input Validation vulnerability
from 0, < 9.0.43-2~deb11u7
MEDIUM5.3Apache Tomcat Incomplete Cleanup vulnerability
from 0, < 9.0.43-2~deb11u7
MEDIUM5.3HTTP Request Smuggling in Apache Tomcat
from 0, < 9.0.43-2~deb11u1
MEDIUM4.8tomcat8 - security update
from 0, < 9.0.31-1
MEDIUM4.8Potential HTTP request smuggling in Apache Tomcat
from 0, < 9.0.31-1
MEDIUM4.3Apache Tomcat vulnerable to Unprotected Transport of Credentials
from 0, < 9.0.43-2~deb11u6
MEDIUM4.3tomcat9 - security update
from 0, < 9.0.31-1~deb10u3
MEDIUM4.3tomcat9 - security update
from 0, < 9.0.38-1
LOW3.7Apache Tomcat - AJP secret compared in non-constant time
from 0, < 9.0.70-2
LOW3.7Apache Tomcat - Security constraint bypass with HTTP/0.9
from 0, < 9.0.70-2
LOW3.7tomcat9 - security update
from 0, < 9.0.43-2~deb11u4
LOW3.7tomcat9 - security update
from 0, < 9.0.31-1~deb10u7
LOW3.7tomcat9 - security update
from 0, < 9.0.43-2~deb11u4