Apache

Tomcat

231 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-1355

Exploit
  • EPSS 82.98%
  • Published 21.05.2007 20:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attacker...

4.3

CVE-2006-7195

  • EPSS 10.89%
  • Published 10.05.2007 00:19:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

4.3

CVE-2006-7196

  • EPSS 78.09%
  • Published 10.05.2007 00:19:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via...

2.6

CVE-2007-1358

  • EPSS 45.21%
  • Published 10.05.2007 00:19:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform ...

2.6

CVE-2007-1858

  • EPSS 7.45%
  • Published 10.05.2007 00:19:00
  • Last modified 09.04.2025 00:30:58

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information o...

7.8

CVE-2006-7197

  • EPSS 2.48%
  • Published 25.04.2007 20:19:00
  • Last modified 09.04.2025 00:30:58

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

5

CVE-2007-0450

  • EPSS 86.12%
  • Published 16.03.2007 22:19:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence...

5

CVE-2006-3835

Exploit
  • EPSS 51.61%
  • Published 25.07.2006 13:22:00
  • Last modified 03.04.2025 01:03:51

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

5

CVE-2005-4703

Exploit
  • EPSS 18.35%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp...

7.8

CVE-2005-4836

  • EPSS 0.8%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.