Vulnerabilities > Apache > Tomcat > 7.0.43
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2017-12616 | Information Exposure vulnerability in Apache Tomcat When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | 7.5 |
| 2017-09-19 | CVE-2017-12615 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. | 8.1 |
| 2017-08-11 | CVE-2017-7674 | Insufficient Verification of Data Authenticity vulnerability in Apache Tomcat The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. | 4.3 |
| 2017-08-11 | CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | 7.5 |
| 2017-08-10 | CVE-2016-8745 | 7PK - Errors vulnerability in Apache Tomcat A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. | 7.5 |
| 2017-08-10 | CVE-2016-6797 | Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. | 7.5 |
| 2017-08-10 | CVE-2016-6794 | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. | 5.3 |
| 2017-08-10 | CVE-2016-5018 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. | 9.1 |
| 2017-08-10 | CVE-2016-0762 | Information Exposure Through Discrepancy vulnerability in multiple products The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. | 5.9 |
| 2017-06-06 | CVE-2017-5664 | Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. | 7.5 |