Apache

Tomcat

231 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2005-4838

  • EPSS 8.08%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx...

5

CVE-2005-3510

  • EPSS 20.51%
  • Published 06.11.2005 11:02:00
  • Last modified 03.04.2025 01:03:51

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

2.6

CVE-2005-3164

  • EPSS 3.39%
  • Published 06.10.2005 10:02:00
  • Last modified 03.04.2025 01:03:51

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request,...

4.3

CVE-2005-2090

Exploit
  • EPSS 81.99%
  • Published 05.07.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header...

5

CVE-2005-0808

  • EPSS 17.54%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

5

CVE-2003-0866

Exploit
  • EPSS 20.41%
  • Published 17.11.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.

6.8

CVE-2002-1567

Exploit
  • EPSS 48.22%
  • Published 06.10.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

5

CVE-2003-0042

  • EPSS 55.83%
  • Published 07.02.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

5

CVE-2003-0043

  • EPSS 2.26%
  • Published 07.02.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

6.8

CVE-2003-0044

  • EPSS 27.29%
  • Published 07.02.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.