Apache

Tomcat

256 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 2.58%
  • Published 25.04.2007 20:19:00
  • Last modified 23.04.2026 00:35:47

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

  • EPSS 89.48%
  • Published 16.03.2007 22:19:00
  • Last modified 23.04.2026 00:35:47

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence...

Exploit
  • EPSS 51.51%
  • Published 25.07.2006 13:22:00
  • Last modified 16.04.2026 00:27:16

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

Exploit
  • EPSS 18.35%
  • Published 31.12.2005 05:00:00
  • Last modified 16.04.2026 00:27:16

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp...

  • EPSS 0.92%
  • Published 31.12.2005 05:00:00
  • Last modified 16.04.2026 00:27:16

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

  • EPSS 8.08%
  • Published 31.12.2005 05:00:00
  • Last modified 16.04.2026 00:27:16

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx...

  • EPSS 20.51%
  • Published 06.11.2005 11:02:00
  • Last modified 16.04.2026 00:27:16

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

  • EPSS 3.39%
  • Published 06.10.2005 10:02:00
  • Last modified 16.04.2026 00:27:16

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request,...

Exploit
  • EPSS 81.97%
  • Published 05.07.2005 04:00:00
  • Last modified 16.04.2026 00:27:16

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header...

  • EPSS 18.63%
  • Published 02.05.2005 04:00:00
  • Last modified 16.04.2026 00:27:16

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.