FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2022-03-25 | CVE-2017-12615 | critical | ⚡RCE ⌖KEV | 95 | When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. |
| 2025-04-01 | CVE-2025-24813 | high | ⚡RCE ⌖KEV | 65 | Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request. |
| 2023-05-12 | CVE-2016-8735 | high | ⚡RCE ⌖KEV | 65 | Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle pa |
| 2022-03-25 | CVE-2017-12617 | high | ⚡RCE ⌖KEV | 65 | When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. |
| 2022-03-03 | CVE-2020-1938 | high | ⌖KEV | 50 | Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited. |