CVE-2023-24998 | AVG-2830 | Medium | Yes | Denial of service | A renamed copy of Apache Commons FileUpload packaged in Tomcat was vulnerable to a denial of service triggered by a malicious upload or series of uploads. |
CVE-2021-42340 | AVG-2470 | High | Yes | Denial of service | A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object... |
CVE-2021-24122 | AVG-1452 | High | Yes | Information disclosure | A security issue was found in Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59. When serving resources from a network location... |
CVE-2020-17527 | AVG-1317 | Medium | Yes | Information disclosure | It was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the... |
CVE-2020-13935 | AVG-1205 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where an h2c direct connection did not release the HTTP/1.1 processor after the... |
CVE-2020-13934 | AVG-1205 | High | Yes | Denial of service | An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid... |
CVE-2020-11996 | AVG-1196 | Medium | Yes | Denial of service | A denial of service has been found in Apache Tomcat before 9.0.36 and 8.5.56, where a specially crafted sequence of HTTP/2 requests could trigger high CPU... |
CVE-2020-9484 | AVG-1171 | High | Yes | Arbitrary code execution | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able to control the... |