- EPSS 16.82%
- Veröffentlicht 11.10.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:48
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
- EPSS 7.85%
- Veröffentlicht 04.10.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:25
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang...
- EPSS 26.85%
- Veröffentlicht 04.10.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:25
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
CVE-2002-0493
- EPSS 3.8%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:33
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
CVE-2002-0682
- EPSS 12.24%
- Veröffentlicht 23.07.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:57:56
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
- EPSS 3.45%
- Veröffentlicht 22.03.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:53:23
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
CVE-2001-1563
- EPSS 4.93%
- Veröffentlicht 31.12.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:56:30
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifie...
CVE-2001-0829
- EPSS 13.82%
- Veröffentlicht 06.12.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:55:02
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
- EPSS 8.18%
- Veröffentlicht 22.11.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:55:13
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
- EPSS 10.96%
- Veröffentlicht 02.08.2001 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:54:35
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).