Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 4.1.0 vulnerabilities and exploits

(subscribe to this query)

2.6
CVSSv2
CVE-2007-1358
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"....
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat
7.5
CVSSv2
CVE-2002-1394
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148....
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10
5
CVSSv2
CVE-2002-2006
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets....
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.1.0
4.3
CVSSv2
CVE-2007-3383
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and...
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 4.1.36
5
CVSSv2
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet....
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10
6.8
CVSSv2
CVE-2002-1567
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script....
Apache Tomcat 4.1.0
4.3
CVSSv2
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11Apache Tomcat 4.1.12Apache Tomcat 4.1.13Apache Tomcat 4.1.14Apache Tomcat 4.1.15Apache Tomcat 4.1.16Apache Tomcat 4.1.17Apache Tomcat 4.1.18Apache Tomcat 4.1.19Apache Tomcat 4.1.20Apache Tomcat 4.1.21Apache Tomcat 4.1.22Apache Tomcat 4.1.23Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.26Apache Tomcat 4.1.27Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.30Apache Tomcat 4.1.31Apache Tomcat 5.5.0
2.6
CVSSv2
CVE-2005-3164
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an...
Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.10Apache Tomcat 4.1.12Apache Tomcat 4.1.15Apache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 4.1.36Apache Software Foundation Tomcat 4.1Apache Software Foundation Tomcat 4.1.32Apache Software Foundation Tomcat 4.1.34Hitachi Cosminexus Application Server 05 00 05 05 EHitachi Cosminexus Application Server 05 00 05 05 FHitachi Cosminexus Application Server 05 00 05 05 HHitachi Cosminexus Application Server 05 00 05 05 K
3.5
CVSSv2
CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity...
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11Apache Tomcat 4.1.12Apache Tomcat 4.1.13Apache Tomcat 4.1.14Apache Tomcat 4.1.15Apache Tomcat 4.1.16Apache Tomcat 4.1.17Apache Tomcat 4.1.18Apache Tomcat 4.1.19Apache Tomcat 4.1.20Apache Tomcat 4.1.21Apache Tomcat 4.1.22Apache Tomcat 4.1.23Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.26Apache Tomcat 4.1.27Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.30Apache Tomcat 4.1.31Apache Tomcat 4.1.32Apache Tomcat 4.1.33Apache Tomcat 4.1.34Apache Tomcat 4.1.35Apache Tomcat 4.1.36
4.3
CVSSv2
CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.10Apache Tomcat 4.1.12Apache Tomcat 4.1.15Apache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 4.1.36Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Software Foundation Tomcat 4.1Apache Software Foundation Tomcat 4.1.32Apache Software Foundation Tomcat 4.1.34Apache Software Foundation Tomcat 4.1.37Apache Software Foundation Tomcat 5.5.26Apache Software Foundation Tomcat 6.0.16
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2021-20661CVE-2020-4953CVE-2018-19518CVE-2021-27645CVE-2021-3156CVE-2021-26684deserializationwireless