Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 16.82%
  • Veröffentlicht 11.10.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:48

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

  • EPSS 7.85%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:25

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang...

Exploit
  • EPSS 26.85%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:25

The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

  • EPSS 3.8%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:33

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

  • EPSS 12.24%
  • Veröffentlicht 23.07.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:56

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

  • EPSS 3.45%
  • Veröffentlicht 22.03.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:53:23

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

  • EPSS 4.93%
  • Veröffentlicht 31.12.2001 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:56:30

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifie...

Exploit
  • EPSS 13.82%
  • Veröffentlicht 06.12.2001 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:55:02

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.

  • EPSS 8.18%
  • Veröffentlicht 22.11.2001 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:55:13

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

Exploit
  • EPSS 10.96%
  • Veröffentlicht 02.08.2001 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:54:35

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).