CVE-2020-9484

all versions

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attack

7.0HIGH

CVE-2020-1938

all versions

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats

9.8CRITICAL

CVE-2020-1935

all versions

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-l

4.8MEDIUM

CVE-2019-17569

all versions

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The resu

4.8MEDIUM

CVE-2019-17359

all versions

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMe

7.5HIGH

CVE-2019-0227

all versions

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur

7.5HIGH

CVE-2019-10247

all versions

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jett

5.3MEDIUM

CVE-2019-10246

all versions

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualifie

5.3MEDIUM

CVE-2019-11358

all versions

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec

6.1MEDIUM

CVE-2019-0190

all versions

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would

7.5HIGH

CVE-2018-17189

all versions

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream f

5.3MEDIUM

CVE-2018-11784

all versions

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to

4.3MEDIUM

CVE-2018-11763

all versions

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thre

5.9MEDIUM

CVE-2018-8032

all versions

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

6.1MEDIUM

CVE-2018-11040

all versions

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications

7.5HIGH

CVE-2018-11039

all versions

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applica

5.9MEDIUM

CVE-2018-1258

all versions

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when

8.8HIGH

CVE-2018-1257

all versions

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows application

6.5MEDIUM

CVE-2018-2852

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

6.4MEDIUM

CVE-2018-1304

all versions

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M

5.9MEDIUM

CVE-2015-9251

all versions

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the

6.1MEDIUM

CVE-2018-2607

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). The suppor

4.9MEDIUM

CVE-2018-2606

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

6.2MEDIUM

CVE-2018-2604

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). The suppor

7.5HIGH

CVE-2017-10383

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Interface). Suppo

5.3MEDIUM

CVE-2017-10375

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

4.6MEDIUM

CVE-2017-10372

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

8.7HIGH

CVE-2017-10370

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

6.9MEDIUM

CVE-2017-12617

all versions

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs ena

8.1HIGH

CVE-2017-10219

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

5.5MEDIUM

CVE-2017-10218

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

4.3MEDIUM

CVE-2017-10217

all versions

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported

4.3MEDIUM

CVE-2017-9735

all versions

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obt

7.5HIGH

CVE-2016-8735

all versions

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and

9.8CRITICAL