| CVE-2020-9484 |
AVG-1169 |
High |
Yes |
Arbitrary code execution |
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able to control the... |
| CVE-2017-12616 |
AVG-408 |
Medium |
Yes |
Information disclosure |
It has been discovered that tomcat version 7.0.80 and before are vulnerable to information disclosure. When using a VirtualDirContext it was possible to... |
| CVE-2017-12615 |
AVG-409 |
High |
Yes |
Arbitrary code execution |
It has been discovered that tomcat version 7.0.80 and before are vulnerable to arbitrary code execution on Windows systems. When running Windows with HTTP... |
| CVE-2017-5664 |
AVG-290 |
High |
Yes |
Access restriction bypass |
A security issue has been found in Apache Tomcat < 7.0.18 and < 8.0.44. The error page mechanism of the Java Servlet Specification requires that, when an... |
| CVE-2016-5388 |
AVG-23 |
Medium |
Yes |
Proxy injection |
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which... |