Search for packages
| purl | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.90 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-21fj-g9yj-aaaa
Aliases: CVE-2020-1745 GHSA-gv2w-88hx-8m9r |
Information Exposure A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution. |
Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-259r-tjud-aaad
Aliases: CVE-2020-1935 GHSA-qxf4-chvg-4r8r |
Potential HTTP request smuggling in Apache Tomcat |
Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-2nrx-8urf-aaaf
Aliases: CVE-2019-0221 GHSA-jjpq-gp5q-8q6w |
Cross-site scripting in Apache Tomcat |
Affected by 10 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-2vk8-jkgn-aaap
Aliases: CVE-2019-0232 GHSA-8vmx-qmch-mpqg |
High severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 10 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-2xpy-bz6f-aaak
Aliases: CVE-2020-1938 GHSA-c9hw-wf7x-jp9j |
Improper Privilege Management in Tomcat |
Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-6zmg-trun-aaac
Aliases: CVE-2021-30640 GHSA-36qh-35cm-5w2w |
Authentication Bypass by Alternate Name in Apache Tomcat |
Affected by 1 other vulnerability. Affected by 13 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-7qs4-bekd-aaab
Aliases: CVE-2018-11784 GHSA-5q99-f34m-67gc |
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core |
Affected by 12 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-8qf1-1syh-aaap
Aliases: CVE-2019-12418 GHSA-hh3j-x4mc-g48r |
Insufficiently Protected Credentials in Apache Tomcat |
Affected by 9 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-akem-ybu8-aaab
Aliases: CVE-2021-25329 GHSA-jgwr-3qm3-26f3 |
Potential remote code execution in Apache Tomcat |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-jqdk-mw8x-aaae
Aliases: CVE-2019-17563 GHSA-9xcj-c8cr-8c3c |
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack |
Affected by 9 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-nm9b-h95h-aaaa
Aliases: CVE-2020-9484 GHSA-344f-f5vg-2jfj |
Potential remote code execution in Apache Tomcat |
Affected by 4 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-rjmz-fcp1-aaac
Aliases: CVE-2020-8022 GHSA-gc58-v8h3-x2gr |
Incorrect Default Permissions in Apache Tomcat |
Affected by 10 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-w4d3-t13k-aaab
Aliases: CVE-2021-24122 GHSA-2rvv-w9r2-rg7m |
Information Disclosure in Apache Tomcat |
Affected by 3 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7c2n-n9ga-aaar | The host name verification missing in Apache Tomcat |
CVE-2018-8034
GHSA-46j3-r4pj-4835 |