CVE-2008-5519
- EPSS 7.26%
- Veröffentlicht 09.04.2009 15:08:35
- Zuletzt bearbeitet 16.06.2026 23:00:28
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client t...
CVE-2009-0781
- EPSS 9.13%
- Veröffentlicht 09.03.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:48
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary...
CVE-2008-4308
- EPSS 3.91%
- Veröffentlicht 26.02.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:57:34
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
CVE-2008-3271
- EPSS 4.81%
- Veröffentlicht 13.10.2008 20:00:02
- Zuletzt bearbeitet 16.06.2026 22:55:30
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an insta...
CVE-2008-2938
- EPSS 99.71%
- Veröffentlicht 13.08.2008 00:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:46
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence...
CVE-2008-1232
- EPSS 75.87%
- Veröffentlicht 04.08.2008 01:41:00
- Zuletzt bearbeitet 16.06.2026 22:51:18
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to...
- EPSS 52.72%
- Veröffentlicht 04.08.2008 01:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:39
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traver...
CVE-2008-1947
- EPSS 9.78%
- Veröffentlicht 04.06.2008 19:32:00
- Zuletzt bearbeitet 16.06.2026 22:52:48
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
- EPSS 62.58%
- Veröffentlicht 12.02.2008 01:00:00
- Zuletzt bearbeitet 16.06.2026 22:45:54
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as se...
CVE-2007-6286
- EPSS 5.37%
- Veröffentlicht 12.02.2008 01:00:00
- Zuletzt bearbeitet 16.06.2026 22:47:45
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recen...