CVE-2011-1183
- EPSS 6.16%
- Veröffentlicht 08.04.2011 15:17:28
- Zuletzt bearbeitet 16.06.2026 23:28:53
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerabi...
- EPSS 8.69%
- Veröffentlicht 08.04.2011 15:17:28
- Zuletzt bearbeitet 16.06.2026 23:29:25
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP ...
CVE-2011-1088
- EPSS 6.45%
- Veröffentlicht 14.03.2011 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:28:41
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
CVE-2011-1419
- EPSS 6.54%
- Veröffentlicht 14.03.2011 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:29:18
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerabi...
CVE-2011-0013
- EPSS 10.23%
- Veröffentlicht 19.02.2011 01:00:01
- Zuletzt bearbeitet 16.06.2026 23:26:37
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the displ...
- EPSS 7.89%
- Veröffentlicht 10.02.2011 18:00:56
- Zuletzt bearbeitet 16.06.2026 23:27:34
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request...
CVE-2010-3718
- EPSS 1.35%
- Veröffentlicht 10.02.2011 18:00:01
- Zuletzt bearbeitet 16.06.2026 23:23:24
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as...
CVE-2010-4312
- EPSS 2.14%
- Veröffentlicht 26.11.2010 20:00:05
- Zuletzt bearbeitet 16.06.2026 23:24:33
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
CVE-2010-4172
- EPSS 42.01%
- Veröffentlicht 26.11.2010 20:00:04
- Zuletzt bearbeitet 16.06.2026 23:24:17
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to s...
CVE-2009-2696
- EPSS 5.01%
- Veröffentlicht 05.08.2010 18:17:57
- Zuletzt bearbeitet 16.06.2026 23:10:02
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbi...