Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 54.78%
  • Veröffentlicht 13.07.2010 17:30:03
  • Zuletzt bearbeitet 16.06.2026 23:20:20

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via...

  • EPSS 52.51%
  • Veröffentlicht 23.04.2010 14:30:01
  • Zuletzt bearbeitet 16.06.2026 23:17:37

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re...

  • EPSS 9.64%
  • Veröffentlicht 28.01.2010 20:30:01
  • Zuletzt bearbeitet 16.06.2026 23:10:02

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat ...

  • EPSS 8.15%
  • Veröffentlicht 28.01.2010 20:30:01
  • Zuletzt bearbeitet 16.06.2026 23:10:27

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requ...

  • EPSS 10.78%
  • Veröffentlicht 28.01.2010 20:30:01
  • Zuletzt bearbeitet 16.06.2026 23:10:27

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

  • EPSS 79%
  • Veröffentlicht 12.11.2009 23:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:49

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

  • EPSS 18.69%
  • Veröffentlicht 16.06.2009 21:00:00
  • Zuletzt bearbeitet 16.06.2026 23:00:27

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to b...

  • EPSS 10.05%
  • Veröffentlicht 05.06.2009 16:00:00
  • Zuletzt bearbeitet 16.06.2026 23:04:07

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with i...

  • EPSS 94.44%
  • Veröffentlicht 05.06.2009 16:00:00
  • Zuletzt bearbeitet 16.06.2026 23:05:20

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel...

  • EPSS 0.81%
  • Veröffentlicht 05.06.2009 16:00:00
  • Zuletzt bearbeitet 16.06.2026 23:05:48

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) ...