Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 25.13%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:19:16

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp...

  • EPSS 3.5%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:19:32

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

  • EPSS 7.88%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:19:32

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx...

  • EPSS 5.95%
  • Veröffentlicht 06.11.2005 11:02:00
  • Zuletzt bearbeitet 16.06.2026 22:17:06

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

  • EPSS 6.52%
  • Veröffentlicht 06.10.2005 10:02:00
  • Zuletzt bearbeitet 16.06.2026 22:16:23

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request,...

Exploit
  • EPSS 29.78%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:14:13

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header...

  • EPSS 23.44%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:11:48

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Exploit
  • EPSS 32.66%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:06

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.

Exploit
  • EPSS 26.8%
  • Veröffentlicht 06.10.2003 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:59:34

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

  • EPSS 46.04%
  • Veröffentlicht 07.02.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:24

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.