Vulnerabilities > Apache > Tomcat > 9.0.1

DATE CVE VULNERABILITY TITLE RISK
2018-02-23 CVE-2018-1305 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded.
network
low complexity
apache debian canonical oracle
6.5
6.5
2018-01-31 CVE-2017-15706 Improperly Implemented Security Check for Standard vulnerability in Apache Tomcat
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute.
network
low complexity
apache CWE-358
5.3
5.3