CVE-2007-2449
- EPSS 77.38%
- Veröffentlicht 14.06.2007 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:39:37
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote att...
CVE-2007-2450
- EPSS 3.29%
- Veröffentlicht 14.06.2007 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:39:37
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote...
CVE-2007-1355
- EPSS 58.25%
- Veröffentlicht 21.05.2007 20:30:00
- Zuletzt bearbeitet 16.06.2026 22:37:24
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attacker...
CVE-2006-7195
- EPSS 5.48%
- Veröffentlicht 10.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:34:33
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
CVE-2006-7196
- EPSS 72.17%
- Veröffentlicht 10.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:34:33
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via...
CVE-2007-1358
- EPSS 19.89%
- Veröffentlicht 10.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:25
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform ...
CVE-2007-1858
- EPSS 18.25%
- Veröffentlicht 10.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:26
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information o...
CVE-2006-7197
- EPSS 8.32%
- Veröffentlicht 25.04.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:34:33
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
- EPSS 90.77%
- Veröffentlicht 16.03.2007 22:19:00
- Zuletzt bearbeitet 16.06.2026 22:35:35
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence...
- EPSS 45.58%
- Veröffentlicht 25.07.2006 13:22:00
- Zuletzt bearbeitet 16.06.2026 22:27:55
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.