Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 4.1.33 vulnerabilities and exploits

(subscribe to this query)
2.6
CVSSv2
CVE-2008-4308
The doRead method in Apache Tomcat 4.1.32 up to and including 4.1.34 and 5.5.10 up to and including 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
Apache Tomcat 5.5.18Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 4.1.33Apache Tomcat 5.5.13Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.19Apache Tomcat 4.1.34Apache Tomcat 4.1.32
7.8
CVSSv2
CVE-2005-4836
The HTTP/1.1 connector in Apache Tomcat 4.1.15 up to and including 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote malicious users to read JSP source files and obtain sensitive information.
Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.21Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.39Apache Tomcat 4.1.27Apache Tomcat 4.1.30Apache Tomcat 4.1.18Apache Tomcat 4.1.40Apache Tomcat 4.1.19Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 4.1.16Apache Tomcat 4.1.29Apache Tomcat 4.1.22Apache Tomcat 4.1.26Apache Tomcat 4.1.17Apache Tomcat 4.1.33Apache Tomcat 4.1.15Apache Tomcat 4.1.20Apache Tomcat 4.1.23
3.5
CVSSv2
CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0, 5.0.0, 5.5.0 up to and including 5.5.25, and 6.0.0 up to and including 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write...
Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.21Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.4Apache Tomcat 4.1.27Apache Tomcat 4.1.30Apache Tomcat 4.1.7Apache Tomcat 4.1.11Apache Tomcat 4.1.18Apache Tomcat 4.1.14Apache Tomcat 4.1.19Apache Tomcat 4.1.31Apache Tomcat 4.1.16Apache Tomcat 4.1.29Apache Tomcat 4.1.22Apache Tomcat 4.0.6Apache Tomcat 4.1.5Apache Tomcat 4.1.26
5
CVSSv2
CVE-2008-2370
Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote malicious users to conduct dire...
Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 4.1.4Apache Tomcat 5.5.20
5
CVSSv2
CVE-2008-5515
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, 6.0.0 up to and including 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote maliciou...
Apache Tomcat 5.5.27Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 4.1.39Apache Tomcat 5.5.20
5
CVSSv2
CVE-2009-0033
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote malicious users to cause a denial of service (application outage) via a crafted re...
Apache Tomcat 5.5.27Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26
4.3
CVSSv2
CVE-2009-0580
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when FORM authentication is used, allows remote malicious users to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pa...
Apache Tomcat 5.5.27Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26
4.3
CVSSv2
CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 allows remote malicious users to inje...
Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 4.1.4
7.5
CVSSv2
CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.
Apache Tomcat 5.5.27Apache Tomcat 3.1Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 3.2.1Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 5.0.8Apache Tomcat 5.0.19Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.0.14Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 3.2.2Apache Tomcat 5.5.10Apache Tomcat 5.0.22Apache Tomcat 5.5.4
2.6
CVSSv2
CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included...
Apache Mod Jk 1.2.11Apache Mod Jk 1.2.25Apache Mod Jk 1.2.9Apache Mod Jk 1.2.19Apache Mod Jk 1.2.23Apache Mod Jk 1.2.16Apache Mod Jk 1.2.6Apache Mod Jk 1.2.17Apache Mod Jk 1.2.24Apache Mod Jk 1.2.22Apache Mod Jk 1.2Apache Mod Jk 1.2.13Apache Mod Jk 1.2.8Apache Mod Jk 1.2.10Apache Mod Jk 1.2.7Apache Mod Jk 1.2.20Apache Mod Jk 1.2.21Apache Mod Jk 1.2.1Apache Mod Jk 1.2.15Apache Mod Jk 1.2.12Apache Mod Jk 1.2.14.1Apache Mod Jk 1.2.14
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook