Vulnerabilities > Apache > Tomcat > 8.0.48

DATE CVE VULNERABILITY TITLE RISK
2020-06-29 CVE-2020-8022 Incorrect Default Permissions vulnerability in multiple products
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root.
local
low complexity
apache opensuse CWE-276
7.8
2018-08-02 CVE-2018-1336 Infinite Loop vulnerability in multiple products
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.
network
low complexity
apache redhat debian canonical CWE-835
7.5
2018-08-01 CVE-2018-8034 Improper Certificate Validation vulnerability in multiple products
The host name verification when using TLS with the WebSocket client was missing.
network
low complexity
apache debian canonical oracle CWE-295
7.5
2018-05-16 CVE-2018-8014 Insecure Default Initialization of Resource vulnerability in multiple products
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins.
network
low complexity
apache canonical debian netapp CWE-1188
critical
9.8
2018-02-28 CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache redhat debian canonical oracle
5.9
2018-02-23 CVE-2018-1305 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded.
network
low complexity
apache debian canonical oracle
6.5
2016-07-19 CVE-2016-5388 Improper Access Control vulnerability in multiple products
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
high complexity
redhat hp oracle apache CWE-284
8.1