Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 7.0 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2008-0457
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote malicious users to upload and execute arbitrary JSP files via unknown vector...
Symantec Backupexec System Recovery 7.01
Symantec Backupexec System Recovery 7.0
2 EDB exploits
7.5
CVSSv2
CVE-2010-4368
awstats.cgi in AWStats prior to 7.0 on Windows accepts a configdir parameter in the URL, which allows remote malicious users to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
Awstats Awstats 6.4
Awstats Awstats 6.4 1
Awstats Awstats 2.2.3
Awstats Awstats 4.1
Awstats Awstats 5.9
Awstats Awstats 5.7
Awstats Awstats 5.0
Awstats Awstats
Awstats Awstats 3.0
Awstats Awstats 6.5
Awstats Awstats 2.1.
Awstats Awstats 6.5 1
Awstats Awstats 5.5
Awstats Awstats 5.4
Awstats Awstats 5.3
Awstats Awstats 5.2
Awstats Awstats 3.2
Awstats Awstats 6.2
Awstats Awstats 3.1
Awstats Awstats 6.3
Awstats Awstats 6.9
Awstats Awstats 6.6
7.5
CVSSv2
CVE-2010-4367
awstats.cgi in AWStats prior to 7.0 accepts a configdir parameter in the URL, which allows remote malicious users to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
Awstats Awstats 6.3
Awstats Awstats 2.2.4
Awstats Awstats 6.5 1
Awstats Awstats 2.2.3
Awstats Awstats 6.0
Awstats Awstats 5.9
Awstats Awstats 5.2
Awstats Awstats 5.1
Awstats Awstats 6.2
Awstats Awstats 3.1
Awstats Awstats 6.5
Awstats Awstats 2.1.
Awstats Awstats 6.7
Awstats Awstats 6.1
Awstats Awstats 5.4
Awstats Awstats 5.3
Awstats Awstats 6.4
Awstats Awstats 6.4 1
Awstats Awstats 6.5 1.857
Awstats Awstats 4.1
Awstats Awstats 1.0
Awstats Awstats 5.8
1 EDB exploit
7.2
CVSSv2
CVE-2016-9774
The postinst script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u4 on Debian wheezy, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u8 on Debian wheezy, prior to 7.0.56-3+deb8u6 on Debian jessie, prior to 7....
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
Apache Tomcat 7.0
Apache Tomcat 8.0
Apache Tomcat 6.0
7.2
CVSSv2
CVE-2016-9775
The postrm script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u3 on Debian wheezy, prior to 6.0.45+dfsg-1~deb8u1 on Debian jessie, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u7 on Debian wheezy, prior to...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
Apache Tomcat 8.0
Apache Tomcat 6.0
Apache Tomcat 7.0
6.8
CVSSv2
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and a...
Apache Tomcat 7.0
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.8
Apache Tomcat 7.0.9
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
Apache Tomcat 7.0.13
Apache Tomcat 7.0.14
Apache Tomcat 7.0.15
Apache Tomcat 7.0.16
Apache Tomcat 7.0.17
Apache Tomcat 7.0.18
Apache Tomcat 7.0.19
Apache Tomcat 7.0.20
1 EDB exploit
17 Github repositories
1 Article
5.1
CVSSv2
CVE-2016-5388
Apache Tomcat 7.x up to and including 7.0.70 and 8.x up to and including 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi...
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Hpc Node Eus 7.2
Hp System Management Homepage
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Oracle Linux 6
Oracle Linux 7
Apache Tomcat
1 Article
5
CVSSv2
CVE-2014-7810
The Expression Language (EL) implementation in Apache Tomcat 6.x prior to 6.0.44, 7.x prior to 7.0.58, and 8.x prior to 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows malicious users to bypass a Secu...
Debian Debian Linux 7.0
Apache Tomcat 7.0.2
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 7.0.49
Apache Tomcat 6.0.39
Apache Tomcat 7.0.12
Apache Tomcat 6.0.6
Apache Tomcat 7.0.53
Apache Tomcat 6.0.4
Apache Tomcat 7.0.20
Apache Tomcat 6.0.11
Apache Tomcat 7.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.55
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 7.0.4
Apache Tomcat 6.0.7
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
5
CVSSv2
CVE-2012-5568
Apache Tomcat up to and including 7.0.x allows remote malicious users to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Apache Tomcat
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Opensuse Opensuse 12.2
2 Github repositories
5
CVSSv2
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 up to and including 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 up to and including 5.5.33, 6.0.30 up to and including 6.0.32, and 7.0.x prior to 7.0.20 on Linux, does not drop capabilities, which a...
Apache Tomcat 5.5.32
Apache Tomcat 5.5.33
Apache Tomcat 6.0.30
Apache Tomcat 6.0.31
Apache Tomcat 6.0.32
Apache Apache Commons Daemon 1.0.3
Apache Apache Commons Daemon 1.0.4
Apache Apache Commons Daemon 1.0.5
Apache Apache Commons Daemon 1.0.6
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.8
Apache Tomcat 7.0.9
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »