Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Unknown
Version Removed


Group Affected Fixed Severity Status Ticket
AVG-1169 7.0.0-1 7.0.104-1 High Fixed
AVG-409 7.0.80-1 High Not affected
AVG-408 7.0.80-1 7.0.81-1 Medium Fixed
AVG-290 7.0.76-1 7.0.78-1 High Fixed
AVG-23 7.0.70-1 7.0.72-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2020-9484 AVG-1169 High Yes Arbitrary code execution
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able to control the...
CVE-2017-12616 AVG-408 Medium Yes Information disclosure
It has been discovered that tomcat version 7.0.80 and before are vulnerable to information disclosure. When using a VirtualDirContext it was possible to...
CVE-2017-12615 AVG-409 High Yes Arbitrary code execution
It has been discovered that tomcat version 7.0.80 and before are vulnerable to arbitrary code execution on Windows systems. When running Windows with HTTP...
CVE-2017-5664 AVG-290 High Yes Access restriction bypass
A security issue has been found in Apache Tomcat < 7.0.18 and < 8.0.44. The error page mechanism of the Java Servlet Specification requires that, when an...
CVE-2016-5388 AVG-23 Medium Yes Proxy injection
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which...


Date Advisory Group Severity Type
06 Jun 2020 ASA-202006-6 AVG-1169 High arbitrary code execution
19 Sep 2017 ASA-201709-17 AVG-408 Medium information disclosure
06 Jun 2017 ASA-201706-6 AVG-290 High access restriction bypass
22 Sep 2016 ASA-201609-21 AVG-23 Medium proxy injection