pkg:Maven/org.apache.tomcat.embed:tomcat-embed-core

71 CVEs in total: CRITICAL 13, HIGH 37, MEDIUM 17, LOW 2


All known vulnerabilities

  • CRITICAL 9.8 | CVE-2025-24813 | ⚠ KEV | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
    >= 11.0.0-M1, < 11.0.3
  • CRITICAL 9.8 | CVE-2020-1938 | ⚠ KEV | Improper Privilege Management in Tomcat
    >= 9.0.0, < 9.0.31
  • HIGH 8.1 | CVE-2017-12617 | ⚠ KEV | tomcat7 - security update
    >= 9.0.0.M1, < 9.0.1
  • HIGH 8.1 | CVE-2017-12615 | ⚠ KEV | When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
    >= 7.0.0, < 7.0.79
  • MEDIUM 5.3 | CVE-2023-44487 | ⚠ KEV | nghttp2 - security update
    >= 11.0.0-M1, < 11.0.0-M12
  • CRITICAL 9.8 | CVE-2026-41293 | Apache Tomcat - HTTP/2 request headers not validated
    from 0, < 9.0.118
  • CRITICAL 9.8 | CVE-2026-43512 | Apache Tomcat - Digest authenticator will authenticate any unknown user
    from 0, < 9.0.118
  • CRITICAL 9.8 | CVE-2025-31651 | Apache Tomcat: Bypass of rules in Rewrite Valve
    >= 9.0.76, < 9.0.104
  • CRITICAL 9.8 | CVE-2024-56337 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
    >= 11.0.0-M1, < 11.0.2
  • CRITICAL 9.8 | CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
    >= 11.0.0-M1, < 11.0.2
  • CRITICAL 9.8 | CVE-2017-5651 | Expected Behavior Violation in Apache Tomcat
    >= 9.0.0.M1, < 9.0.0.M19
  • CRITICAL 9.8 | CVE-2018-8014 | The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
    >= 9.0.0.M1, < 9.0.9
  • CRITICAL 9.6 | CVE-2025-55754 | Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
    >= 11.0.0-M1, < 11.0.11
  • CRITICAL 9.1 | CVE-2026-43515 | Apache Tomcat - Security constraints not correctly applied
    from 0, < 9.0.118
  • CRITICAL 9.1 | CVE-2025-66614 | Apache Tomcat: Client certificate verification bypass due to virtual host mapping
    >= 11.0.0-M1, < 11.0.15
  • CRITICAL 9.1 | CVE-2017-5648 | Exposure of Resource to Wrong Sphere in Apache Tomcat
    >= 9.0.0.M1, < 9.0.0.M18
  • HIGH 8.4 | CVE-2025-49124 | Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows
    >= 11.0.0-M1, < 11.0.8
  • HIGH 8.1 | CVE-2019-0232 | Apache Tomcat OS Command Injection vulnerability
    >= 9.0.0.M1, < 9.0.17
  • HIGH 7.5 | CVE-2026-41284 | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
    from 0, < 9.0.118
  • HIGH 7.5 | CVE-2026-43513 | Apache Tomcat: LockOutRealm treats user names as case-sensitive
    from 0, < 9.0.118
  • HIGH 7.5 | CVE-2026-34487 | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token
    >= 9.0.13, < 9.0.117
  • HIGH 7.5 | CVE-2026-34483 | Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
    >= 9.0.40, < 9.0.116
  • HIGH 7.5 | CVE-2026-24880 | Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
    >= 7.0.0, < 9.0.116
  • HIGH 7.5 | CVE-2026-29129 | Apache Tomcat: Configured cipher preference order not preserved
    >= 9.0.114, < 9.0.116
  • HIGH 7.5 | CVE-2026-24734 | Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
    >= 11.0.0-M1, < 11.0.18
  • HIGH 7.5 | CVE-2025-55752 | Apache Tomcat Vulnerable to Relative Path Traversal
    >= 11.0.0-M1, < 11.0.11
  • HIGH 7.5 | CVE-2025-48989 | Apache Tomcat Improper Resource Shutdown or Release vulnerability
    >= 11.0.0-M1, < 11.0.10
  • HIGH 7.5 | CVE-2025-53506 | Apache Tomcat: DoS via excessive h2 streams at connection start
    >= 8.5.0, <= 8.5.100
  • HIGH 7.5 | CVE-2025-52520 | Apache Tomcat: DoS via integer overflow in multipart file upload
    >= 11.0.0-M1, < 11.0.9
  • HIGH 7.5 | CVE-2025-48988 | Apache Tomcat: FileUpload large number of parts with headers DoS
    >= 11.0.0-M1, < 11.0.8
  • HIGH 7.5 | CVE-2025-49125 | Apache Tomcat: Security constraint bypass for pre/post-resources
    >= 11.0.0-M1, < 11.0.8
  • HIGH 7.5 | CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
    >= 9.0.76, < 9.0.104
  • HIGH 7.5 | CVE-2024-34750 | Apache Tomcat: HTTP/2 excess header handling DoS
    >= 11.0.0-M1, < 11.0.0-M21
  • HIGH 7.5 | CVE-2024-24549 | Apache Tomcat: HTTP/2 header handling DoS
    >= 8.5.0, < 8.5.99
  • HIGH 7.5 | CVE-2023-46589 | Apache Tomcat: HTTP request smuggling via malformed trailer headers
    >= 11.0.0-M1, < 11.0.0-M11
  • HIGH 7.5 | CVE-2023-28709 | Apache Tomcat: Fix for CVE-2023-24998 is incomplete
    >= 11.0.0-M2, < 11.0.0-M5
  • HIGH 7.5 | CVE-2023-34981 | Apache Tomcat: AJP response header mix-up
    >= 11.0.0-M5, < 11.0.0-M6
  • HIGH 7.5 | CVE-2023-24998 | tomcat9 - security update
    >= 10.1.0-M1, < 10.1.5
  • HIGH 7.5 | CVE-2022-45143 | Apache Tomcat: JsonErrorReportValve escaping
    >= 8.5.83, < 8.5.84
  • HIGH 7.5 | CVE-2022-42252 | Apache Tomcat request smuggling via malformed content-length
    >= 8.5.0, < 8.5.83
  • HIGH 7.5 | CVE-2021-25122 | Apache Tomcat h2c request mix-up
    >= 10.0.0, < 10.0.2
  • HIGH 7.5 | CVE-2019-0199 | Apache Tomcat Denial of Service vulnerability
    >= 9.0.0, < 9.0.16
  • HIGH 7.5 | CVE-2019-17563 | tomcat8 - security update
    from 0, < 7.0.99
  • HIGH 7.5 | CVE-2019-10072 | tomcat9 - security update
    >= 9.0.0.M1, < 9.0.20
  • HIGH 7.5 | CVE-2018-8034 | tomcat7 - security update
    >= 9.0.0, < 9.0.10
  • HIGH 7.5 | CVE-2018-1336 | tomcat8 - security update
    >= 9.0.0.M9, < 9.0.8
  • HIGH 7.3 | CVE-2026-42498 | Apache Tomcat - WebSocket authentication header exposure
    from 0, < 9.0.118
  • HIGH 7.3 | CVE-2025-46701 | Apache Tomcat: Security constraint bypass for CGI scripts
    >= 9.0.0.M1, < 9.0.105
  • HIGH 7.0 | CVE-2021-25329 | Incomplete fix for CVE-2020-9484
    >= 10.0.0-M1, < 10.0.2
  • HIGH 7.0 | CVE-2020-9484 | Potential remote code execution in Apache Tomcat
    >= 10.0.0-M1, < 10.0.0-M5
  • HIGH 7.0 | CVE-2019-12418 | tomcat8 - security update
    from 0, < 7.0.99
  • MEDIUM 6.5 | CVE-2024-52317 | Apache Tomcat: Request/response mix-up with HTTP/2
    >= 9.0.92, < 9.0.96
  • MEDIUM 6.5 | CVE-2018-1305 | Apache Tomcat information exposure vulnerability
    >= 9.0.0M1, < 9.0.5
  • MEDIUM 6.1 | CVE-2026-25854 | Apache Tomcat has an Open Redirect vulnerability
    >= 8.5.30, < 9.0.116
  • MEDIUM 6.1 | CVE-2023-41080 | Apache Tomcat: Open redirect with FORM authentication
    >= 8.5.0, < 8.5.93
  • MEDIUM 6.1 | CVE-2019-0221 | tomcat7 - security update
    >= 9.0.0, < 9.0.17
  • MEDIUM 5.9 | CVE-2021-24122 | Apache Tomcat information disclosure
    >= 10.0.0-M1, < 10.0.0-M10
  • MEDIUM 5.9 | CVE-2018-8037 | Apache Tomcat Race Condition vulnerability
    >= 9.0.0.M9, < 9.0.10
  • MEDIUM 5.9 | CVE-2018-1304 | tomcat8 - security update
    >= 9.0.0, < 9.0.5
  • MEDIUM 5.3 | CVE-2026-32990 | Apache Tomcat has an Improper Input Validation vulnerability
    >= 9.0.113, < 9.0.116
  • MEDIUM 5.3 | CVE-2025-61795 | Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
    >= 11.0.0-M1, < 11.0.12
  • MEDIUM 5.3 | CVE-2024-21733 | Apache Tomcat: Leaking of unrelated request bodies in default error page
    >= 8.5.7, < 8.5.64
  • MEDIUM 5.3 | CVE-2023-45648 | Apache Tomcat: Trailer header parsing too lenient
    >= 11.0.0-M1, < 11.0.0-M12
  • MEDIUM 5.3 | CVE-2023-42795 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
    >= 11.0.0-M1, < 11.0.0-M12
  • MEDIUM 4.8 | CVE-2019-17569 | tomcat8 - security update
    >= 7.0.98, < 7.0.100
  • MEDIUM 4.8 | CVE-2020-1935 | Potential HTTP request smuggling in Apache Tomcat
    from 0, < 7.0.100
  • MEDIUM 4.3 | CVE-2018-11784 | tomcat8 - security update
    >= 8.5.0, < 8.5.34
  • LOW 3.7 | CVE-2026-43514 | Apache Tomcat - AJP secret compared in non-constant time
    from 0, < 9.0.118
  • LOW 3.7 | CVE-2026-24733 | Apache Tomcat: Security constraint bypass with HTTP/0.9
    >= 11.0.0-M1, < 11.0.15
  • CVE-2014-0095 | Denial of service in Apache Tomcat
    >= 8.0.0-RC1, < 8.0.4
  • CVE-2008-1947 | tomcat5.5
    >= 5.5.9, < 5.5.27