Apache Tomcat Exposure

Web servers
Exposure score: 342
Sites using it: 14,493
Being exploited: 5
Critical: 19

CVEs

131 results

CVE-2017-12617 (HIGH, EPSS 100.0%, KEV): When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
CVE-2025-24813 (CRITICAL, EPSS 99.9%, KEV): Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
CVE-2017-12615 (HIGH, EPSS 99.6%, KEV): When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the
CVE-2020-1938 (CRITICAL, EPSS 99.3%, KEV): When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connec
CVE-2016-8735 (CRITICAL, EPSS 90.3%, KEV): Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before
CVE-2019-0232 (EPSS 99.7%): When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0
CVE-2018-11784 (EPSS 94.5%): When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directo
CVE-2018-11759 (EPSS 90.6%): The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK
CVE-2020-13935 (EPSS 87.6%): The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.
CVE-2021-33037 (EPSS 75.4%): Incorrect Transfer-Encoding handling with HTTP/1.0
CVE-2025-55752 (HIGH, EPSS 74.0%): Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled
CVE-2019-10072 (EPSS 73.0%): The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1
CVE-2019-0199 (EPSS 72.9%): The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames
CVE-2022-29885 (EPSS 71.7%): EncryptInterceptor does not provide complete protection on insecure networks
CVE-2017-12616 (EPSS 70.8%): When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code
CVE-2025-31650 (HIGH, EPSS 66.4%): Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
CVE-2020-13934 (EPSS 64.1%): An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 proces
CVE-2020-13943 (EPSS 57.3%): If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum nu
CVE-2020-9484 (EPSS 56.6%): When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able
CVE-2025-48988 (HIGH, EPSS 53.2%): Apache Tomcat: FileUpload large number of parts with headers DoS
