Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 3.1 vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2000-0760
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension....
Apache Tomcat 3.0Apache Tomcat 3.1
NA
CVE-2003-0042
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character....
Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3.1Apache Tomcat 3.2.1Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3
NA
CVE-2003-0043
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file....
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3.1Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.3
NA
CVE-2000-0672
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory....
Apache Tomcat 3.0Apache Tomcat 3.1
NA
CVE-2005-0808
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007....
Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.3.1aApache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3Apache Tomcat 3.3.1
NA
CVE-2003-0044
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML....
Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.3.1aApache Tomcat 3.2Apache Tomcat 3.2.1
NA
CVE-2002-2006
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets....
Apache Tomcat 3.0Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 4.1.0
NA
CVE-2003-0045
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp....
Apache Tomcat 3.2.1Apache Tomcat 3.2.3Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3.1
NA
CVE-2000-0759
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path....
Apache Tomcat 3.1
NA
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet....
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3.1Apache Tomcat 4.0.0Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 4.1.0Apache Tomcat 4.1.10Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 4.0.1Apache Tomcat 4.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-20963CVE-2023-28626remote attackersfile inclusionCVE-2023-28447CVE-2023-27394CVE-2023-23529CVE-2023-27231XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook