tomcat (SUSE:Linux Enterprise Server 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP3 package tomcat, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2018-8014 — CVSS 9.8 (critical): The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to…
CVE-2018-1336 — CVSS 7.5 (high): An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a…
CVE-2017-5664 — CVSS 7.5 (high): The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the…
CVE-2018-8034 — CVSS 7.5 (high): The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache…
CVE-2018-1305 — CVSS 6.5 (medium): Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0…
CVE-2018-8037 — CVSS 5.9 (medium): If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition…
CVE-2018-1304 — CVSS 5.9 (medium): The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to…
CVE-2017-15706 — CVSS 5.3 (medium): As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to…
CVE-2018-11784 — CVSS 4.3 (medium): When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a…
CVE-2017-7674 — CVSS 4.3 (medium): The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary…