Vulnerabilities > Apache > Tomcat > 7.0.77

DATE CVE VULNERABILITY TITLE RISK
2017-09-19 CVE-2017-12616 Information Exposure vulnerability in Apache Tomcat
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
network
low complexity
apache CWE-200
7.5
7.5
2017-09-19 CVE-2017-12615 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g.
network
high complexity
apache netapp redhat CWE-434
8.1
8.1
2017-08-11 CVE-2017-7674 Insufficient Verification of Data Authenticity vulnerability in Apache Tomcat
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin.
network
low complexity
apache CWE-345
4.3
4.3
2017-06-06 CVE-2017-5664 Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page.
network
low complexity
apache CWE-755
7.5
7.5