Max CVSS | 6.8 | Min CVSS | 3.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-12615 | 6.8 |
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP
|
16-07-2024 - 17:58 | 19-09-2017 - 13:29 | |
CVE-2017-12617 | 6.8 |
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload
|
16-07-2024 - 17:58 | 04-10-2017 - 01:29 | |
CVE-2017-12613 | 3.6 |
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially r
|
18-04-2022 - 18:16 | 24-10-2017 - 01:29 | |
CVE-2018-1304 | 4.3 |
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definiti
|
03-10-2019 - 00:03 | 28-02-2018 - 20:29 | |
CVE-2018-1305 | 4.0 |
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way ap
|
03-10-2019 - 00:03 | 23-02-2018 - 23:29 | |
CVE-2017-12616 | 5.0 |
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
|
15-04-2019 - 16:30 | 19-09-2017 - 13:29 | |
CVE-2017-15698 | 4.3 |
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It wa
|
25-03-2019 - 11:35 | 31-01-2018 - 14:29 |