Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 4.1.9 vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv2
CVE-2002-1394
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148....
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10
5
CVSSv2
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet....
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10
4.3
CVSSv2
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11Apache Tomcat 4.1.12Apache Tomcat 4.1.13Apache Tomcat 4.1.14Apache Tomcat 4.1.15Apache Tomcat 4.1.16Apache Tomcat 4.1.17Apache Tomcat 4.1.18Apache Tomcat 4.1.19Apache Tomcat 4.1.20Apache Tomcat 4.1.21Apache Tomcat 4.1.22Apache Tomcat 4.1.23Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.26Apache Tomcat 4.1.27Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.30Apache Tomcat 4.1.31Apache Tomcat 5.5.0
3.5
CVSSv2
CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity...
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11Apache Tomcat 4.1.12Apache Tomcat 4.1.13Apache Tomcat 4.1.14Apache Tomcat 4.1.15Apache Tomcat 4.1.16Apache Tomcat 4.1.17Apache Tomcat 4.1.18Apache Tomcat 4.1.19Apache Tomcat 4.1.20Apache Tomcat 4.1.21Apache Tomcat 4.1.22Apache Tomcat 4.1.23Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.26Apache Tomcat 4.1.27Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.30Apache Tomcat 4.1.31Apache Tomcat 4.1.32Apache Tomcat 4.1.33Apache Tomcat 4.1.34Apache Tomcat 4.1.35Apache Tomcat 4.1.36
5
CVSSv2
CVE-2009-0033
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11Apache Tomcat 4.1.12Apache Tomcat 4.1.13Apache Tomcat 4.1.14Apache Tomcat 4.1.15Apache Tomcat 4.1.16Apache Tomcat 4.1.17Apache Tomcat 4.1.18Apache Tomcat 4.1.19Apache Tomcat 4.1.20Apache Tomcat 4.1.21Apache Tomcat 4.1.22Apache Tomcat 4.1.23Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.26Apache Tomcat 4.1.27Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.30Apache Tomcat 4.1.31Apache Tomcat 4.1.32Apache Tomcat 4.1.33Apache Tomcat 4.1.34Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.37Apache Tomcat 4.1.38Apache Tomcat 4.1.39Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 5.5.26Apache Tomcat 5.5.27Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16
4.3
CVSSv2
CVE-2007-3385
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 3.3.2Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 4.1.36Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.2Apache Tomcat 5.0.3Apache Tomcat 5.0.4Apache Tomcat 5.0.5Apache Tomcat 5.0.6Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.0.9Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.0.30Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13
5
CVSSv2
CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11Apache Tomcat 4.1.12Apache Tomcat 4.1.13Apache Tomcat 4.1.14Apache Tomcat 4.1.15Apache Tomcat 4.1.16Apache Tomcat 4.1.17Apache Tomcat 4.1.18Apache Tomcat 4.1.19Apache Tomcat 4.1.20Apache Tomcat 4.1.21Apache Tomcat 4.1.22Apache Tomcat 4.1.23Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.26Apache Tomcat 4.1.27Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.30Apache Tomcat 4.1.31Apache Tomcat 4.1.32Apache Tomcat 4.1.33Apache Tomcat 4.1.34Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.37Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 5.5.26Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16
6.8
CVSSv2
CVE-2013-6357
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as...
Apache Tomcat 1.1.3Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 3.3.2Apache Tomcat 4Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.12Apache Tomcat 4.1.15Apache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.31Apache Tomcat 4.1.36Apache Tomcat 5Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.2Apache Tomcat 5.0.3Apache Tomcat 5.0.4Apache Tomcat 5.0.5Apache Tomcat 5.0.6Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.0.9Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.0.30Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat
3.5
CVSSv2
CVE-2007-2450
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to...
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 4.1.36Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.2Apache Tomcat 5.0.3Apache Tomcat 5.0.4Apache Tomcat 5.0.5Apache Tomcat 5.0.6Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.0.9Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.0.30Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13
4.3
CVSSv2
CVE-2009-0580
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11Apache Tomcat 4.1.12Apache Tomcat 4.1.13Apache Tomcat 4.1.14Apache Tomcat 4.1.15Apache Tomcat 4.1.16Apache Tomcat 4.1.17Apache Tomcat 4.1.18Apache Tomcat 4.1.19Apache Tomcat 4.1.20Apache Tomcat 4.1.21Apache Tomcat 4.1.22Apache Tomcat 4.1.23Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.26Apache Tomcat 4.1.27Apache Tomcat 4.1.28Apache Tomcat 4.1.29Apache Tomcat 4.1.30Apache Tomcat 4.1.31Apache Tomcat 4.1.32Apache Tomcat 4.1.33Apache Tomcat 4.1.34Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.37Apache Tomcat 4.1.38Apache Tomcat 4.1.39Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.25Apache Tomcat 5.5.26Apache Tomcat 5.5.27Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.15Apache Tomcat 6.0.16
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2021-20661CVE-2020-4953CVE-2018-19518CVE-2021-27645CVE-2021-3156CVE-2021-26684deserializationwireless