QID 356243
Date Published: 2023-09-28
QID 356243: Amazon Linux Security Advisory for tomcat : ALASTOMCAT8.5-2023-013
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture the user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance. (CVE-2019-12418)
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98, there was a narrow window in which an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, the issue was treated as a security vulnerability. (CVE-2019-17563)
A flaw was found in Apache Tomcat where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop, and multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-13935)
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0-M1 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance, resulting in responses, or partial responses, being received by the wrong client. (The extracted description carries no CVE identifier for this issue.)
[Only the final sentence of this description survives in the extracted text.] This could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
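The WebSocket payload-length issue above (CVE-2020-13935) comes down to a frame decoder acting on a length it has not validated. The following is an added example, not Tomcat's own WsFrameBase code and not code from this advisory: a minimal RFC 6455 frame-header parser in Python that rejects every length form the RFC forbids (a 64-bit length with the top bit set, which becomes a negative number once stored in a signed 64-bit integer such as a Java long; non-minimal 16-bit and 64-bit encodings; control-frame payloads over 125 bytes; lengths beyond a configured ceiling) before any byte-counting loop can run on it. The sample frames are constructed, and the page does not say which of these cases Tomcat mishandled.

```python
import struct

# Payload-length rules from RFC 6455 section 5.2 that a frame decoder must
# enforce before it acts on the length. Added illustration code, not Tomcat's
# WsFrameBase; the exact lengths Tomcat mishandled are not stated on this page.
CONTROL_OPCODE_MIN = 0x8
MAX_CONTROL_PAYLOAD = 125


class FrameError(ValueError):
    """Raised for a frame header the decoder must reject rather than loop on."""


def parse_frame_header(buf, max_payload=1 << 20):
    """Decode a frame header and return (fin, opcode, masked, payload_len, header_len).

    Every branch that can yield a bogus length raises FrameError; nothing below
    hands a negative, non-minimal, or oversized length back to the caller.
    """
    if len(buf) < 2:
        raise FrameError("truncated header")
    b0, b1 = buf[0], buf[1]
    fin = bool(b0 & 0x80)
    if b0 & 0x70:
        raise FrameError("RSV bits set with no negotiated extension")
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    offset = 2
    if length == 126:
        if len(buf) < offset + 2:
            raise FrameError("truncated 16-bit length")
        (length,) = struct.unpack_from("!H", buf, offset)
        offset += 2
        if length < 126:
            raise FrameError("16-bit length must be >= 126 (minimal encoding)")
    elif length == 127:
        if len(buf) < offset + 8:
            raise FrameError("truncated 64-bit length")
        (length,) = struct.unpack_from("!Q", buf, offset)
        offset += 8
        # The RFC forbids a set top bit; read into a signed 64-bit integer
        # (a Java long) it turns negative, which no "bytes remaining" loop expects.
        if length >> 63:
            raise FrameError("64-bit length with most significant bit set")
        if length < 0x10000:
            raise FrameError("64-bit length must be >= 65536 (minimal encoding)")
    if opcode >= CONTROL_OPCODE_MIN:
        if length > MAX_CONTROL_PAYLOAD:
            raise FrameError("control frame payload exceeds 125 bytes")
        if not fin:
            raise FrameError("fragmented control frame")
    if length > max_payload:
        raise FrameError(f"payload length {length} exceeds limit {max_payload}")
    if masked:
        if len(buf) < offset + 4:
            raise FrameError("truncated masking key")
        offset += 4
    return fin, opcode, masked, length, offset


def verdict(buf):
    """Return 'ok:<len>' for an acceptable header, else 'reject:<reason>'."""
    try:
        _, _, _, length, _ = parse_frame_header(buf)
        return f"ok:{length}"
    except FrameError as e:
        return f"reject:{e}"


# Constructed sample frames (not captured traffic).
SAMPLE_FRAMES = {
    # FIN + text, masked (zero mask key), 5-byte payload
    "text_5": bytes([0x81, 0x85, 0, 0, 0, 0]) + b"hello",
    # FIN + text, 64-bit length 0xFFFFFFFFFFFFFFFF: -1 as a signed long
    "len_msb_set": bytes([0x81, 0x7F]) + b"\xff" * 8,
    # 16-bit length form used for a value (5) that fits the 7-bit field
    "non_minimal": bytes([0x81, 0x7E, 0x00, 0x05]),
    # close frame (opcode 8) claiming 126 bytes of payload
    "big_control": bytes([0x88, 0x7E, 0x00, 0x7E]),
    # unmasked ping with a 4-byte payload
    "ping_4": bytes([0x89, 0x04]) + b"ping",
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        print(f"{name:12s} {verdict(frame)}")
```

The ordering matters: the top-bit and minimal-encoding checks run on the raw length before the control-frame and ceiling checks, so a hostile length never reaches arithmetic that assumes it is non-negative.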
Successful exploitation of these vulnerabilities could lead to a security breach or could affect integrity, availability, and confidentiality.
- ALASTOMCAT8.5-2023-013 - alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-013.html
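To check whether an installed Tomcat build falls inside the affected ranges this advisory states, the following added example (not Qualys or Amazon tooling) parses Tomcat version strings, including milestone builds such as 9.0.0.M1 and 10.1.0-M12, which must sort before the GA release of the same number, and tests them against the ranges quoted above. Only ranges that appear on this page are encoded; the rpm name-version-release string, its release tag, and the regular expression that extracts the version from it are constructed assumptions about Amazon Linux 2 package naming.

```python
import re

# Affected version ranges exactly as stated in the advisory text above. The page
# gives no ranges for CVE-2019-12418 or CVE-2020-13935 and only the closing
# sentence of CVE-2023-28708, so those are not listed; the Http11Processor
# issue is keyed by description because the extracted text carries no CVE
# identifier for it.
AFFECTED_RANGES = {
    "CVE-2019-17563 FORM authentication session fixation": [
        ("9.0.0.M1", "9.0.29"), ("8.5.0", "8.5.49"), ("7.0.0", "7.0.98"),
    ],
    "Http11Processor shared between connections (no CVE id in extracted text)": [
        ("10.1.0-M1", "10.1.0-M12"), ("10.0.0-M1", "10.0.18"),
        ("9.0.0-M1", "9.0.60"), ("8.5.0", "8.5.77"),
    ],
}

# Tomcat spells milestones both ways: 9.0.0.M1 (older) and 10.1.0-M12 (newer).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
# Assumed shape of the NVR string `rpm -q tomcat` prints on Amazon Linux 2;
# the release tag in the sample below is hypothetical.
_RPM_RE = re.compile(r"^tomcat-(\d+\.\d+\.\d+)-[^-]+$")


def parse_version(text):
    """Return a tuple that sorts milestones before the GA release of the same number."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    # (0, n) for milestone n, (1, 0) for GA: 9.0.0.M1 < 9.0.0.M2 < 9.0.0 < 9.0.1
    pre = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + pre


def version_from_rpm(nvr):
    """Extract the upstream version from an rpm name-version-release string."""
    m = _RPM_RE.match(nvr.strip())
    if not m:
        raise ValueError(f"not a tomcat NVR: {nvr!r}")
    return m.group(1)


def affected_by(version):
    """Return the issues from AFFECTED_RANGES whose ranges contain `version`."""
    v = parse_version(version)
    hits = []
    for issue, ranges in AFFECTED_RANGES.items():
        if any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges):
            hits.append(issue)
    return hits


if __name__ == "__main__":
    # Constructed sample of what `rpm -q tomcat` might print on an unpatched host.
    sample_nvr = "tomcat-8.5.49-1.amzn2.noarch"
    ver = version_from_rpm(sample_nvr)
    print(ver, "->", affected_by(ver) or "not in any range listed on this page")
```

An empty result only means the build is outside the ranges this page quotes; the issues whose ranges are not given here still need the advisory's fixed package version to be confirmed.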
CVEs related to QID 356243
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALASTOMCAT8.5-2023-013 | Amazon Linux 2 | tomcat | alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-013.html |