CVE-2023-24998 | AVG-2831 | Medium | Yes | Denial of service | A renamed copy of Apache Commons FileUpload packaged in Tomcat was vulnerable to denial of service triggered by a malicious upload or series of uploads.
CVE-2021-42340 | AVG-2471 | High | Yes | Denial of service | A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object...
CVE-2021-24122 | AVG-1453 | High | Yes | Information disclosure | A security issue was found in Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59. When serving resources from a network location...
CVE-2020-17527 | AVG-1316 | Medium | Yes | Information disclosure | It was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the...
CVE-2020-13935 | AVG-1204 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the...
CVE-2020-13934 | AVG-1204 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid...
CVE-2020-11996 | AVG-1197 | Medium | Yes | Denial of service | A denial of service has been found in Apache Tomcat before 9.0.36 and 8.5.56, where a specially crafted sequence of HTTP/2 requests could trigger high CPU...
CVE-2020-9484 | AVG-1170 | High | Yes | Arbitrary code execution | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able to control the...
CVE-2017-5664 | AVG-291 | High | Yes | Access restriction bypass | A security issue has been found in Apache Tomcat < 7.0.18 and < 8.0.44. The error page mechanism of the Java Servlet Specification requires that, when an...
CVE-2016-5388 | AVG-25 | Medium | Yes | Proxy injection | It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which...