Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 5.0.28 vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2006-3835
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do....
Apache Tomcat 5.5.9Apache Tomcat 5.5.16Apache Tomcat 5.5.7Apache Tomcat 5.0.28Apache Tomcat 5.5.12
NA
CVE-2006-7195
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values....
Apache Tomcat 5.0.13Apache Tomcat 5.0.14Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.29Apache Tomcat 5.0.30Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.0.15Apache Tomcat 5.0.16Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.5.0Apache Tomcat 5.5.10Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.19Apache Tomcat 5.0.2Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.9Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.10Apache Tomcat 5.0.17Apache Tomcat 5.0.18Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.7Apache Tomcat 5.5.8
NA
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to...
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 5.0.1Apache Tomcat 5.0.10Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.0.6Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.2Apache Tomcat 5.0.21Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.0.9Apache Tomcat 5.5.0Apache Tomcat 5.5.15Apache Tomcat 5.5.2Apache Tomcat 5.5.9Apache TomcatApache Tomcat 4.0.6Apache Tomcat 5.0.0Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.0.4Apache Tomcat 5.0.5Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.3Apache Tomcat 5.0.30Apache Tomcat 5.5.1Apache Tomcat 5.5.10Apache Tomcat 5.5.3Apache Tomcat 5.5.4
NA
CVE-2007-1858
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified...
Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.30Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.2Apache Tomcat 5.0.21Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.2Apache Tomcat 5.5.3
NA
CVE-2007-2449
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary...
Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.2Apache Tomcat 5.0.21Apache Tomcat 5.0.29Apache Tomcat 5.0.3Apache Tomcat 5.0.9Apache Tomcat 5.5.0Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.30Apache Tomcat 5.0.4Apache Tomcat 5.5.1Apache Tomcat 5.5.10Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache TomcatApache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.9Apache Tomcat 6.0.0Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.0.5Apache Tomcat 5.0.6Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.19Apache Tomcat 5.5.2Apache Tomcat 5.5.20Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 6.0.13Apache Tomcat 6.0.2
NA
CVE-2007-1355
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web...
Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 4.1.31Apache Tomcat 5.0.15Apache Tomcat 5.0.16Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.0.4Apache Tomcat 5.0.5Apache Tomcat 6.0.10Apache Tomcat 6.0.2Apache Tomcat 6.0.9Apache Tomcat 4.0.0Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 5.0.13Apache Tomcat 5.0.14Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.29Apache Tomcat 5.0.3Apache Tomcat 5.0.30Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 5.0.1Apache Tomcat 5.0.10Apache Tomcat 5.0.17Apache Tomcat 5.0.18Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.0.6Apache Tomcat 5.0.7Apache Tomcat 6.0.3Apache Tomcat 6.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.19Apache Tomcat 5.0.2Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.0.8Apache Tomcat 5.0.9Apache Tomcat 6.0.5Apache Tomcat 6.0.6
NA
CVE-2007-3385
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
Apache Tomcat 4.1.1Apache Tomcat 4.1.10Apache Tomcat 4.1.31Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.30Apache Tomcat 5.0.4Apache Tomcat 5.5.1Apache Tomcat 5.5.10Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.5Apache Tomcat 3.3Apache Tomcat 4.1.15Apache Tomcat 4.1.2Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.0.5Apache Tomcat 5.0.6Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.19Apache Tomcat 5.5.2Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 3.3.2Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.2Apache Tomcat 5.0.21Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.0.3Apache Tomcat 5.0.9Apache Tomcat 5.5.0Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.9Apache Tomcat 6.0.0Apache Tomcat 6.0.3Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 6.0.13Apache Tomcat 6.0.2Apache Tomcat 6.0.9Apache Tomcat 6.0.4Apache Tomcat 6.0.6
NA
CVE-2013-6357
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as...
Apache TomcatApache Tomcat 5.5.23Apache Tomcat 5.5.19Apache Tomcat 5.5.17Apache Tomcat 5.5.10Apache Tomcat 5.5.0Apache Tomcat 5.0.30Apache Tomcat 5.0.29Apache Tomcat 5.0.24Apache Tomcat 5.0.22Apache Tomcat 5.0.15Apache Tomcat 5.0.13Apache Tomcat 4.1.9Apache Tomcat 4.1.31Apache Tomcat 4.1.24Apache Tomcat 4.1.15Apache Tomcat 4.0.4Apache Tomcat 4.0.2Apache Tomcat 3.3Apache Tomcat 3.2.3Apache Tomcat 3.1.1Apache Tomcat 3.0Apache Tomcat 5.5.3Apache Tomcat 5.5.8Apache Tomcat 5.5.22Apache Tomcat 5.5.21Apache Tomcat 5.5.20Apache Tomcat 5.5.2Apache Tomcat 5.0.8Apache Tomcat 5.0.7Apache Tomcat 5.0.6Apache Tomcat 5.0.5Apache Tomcat 5.0.2Apache Tomcat 5.0.19Apache Tomcat 5.0.18Apache Tomcat 5.0.17Apache Tomcat 5.0.16Apache Tomcat 4.1.3Apache Tomcat 4.1.29Apache Tomcat 4.1.28Apache Tomcat 4.0.0Apache Tomcat 4Apache Tomcat 3.3.2Apache Tomcat 3.3.1aApache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.15Apache Tomcat 5.5.14Apache Tomcat 5.5.13Apache Tomcat 5.5.12Apache Tomcat 5.5.11Apache Tomcat 5.0.28Apache Tomcat 5.0.27Apache Tomcat 5.0.26Apache Tomcat 5.0.25Apache Tomcat 5.0.11Apache Tomcat 5.0.10Apache Tomcat 5.0.1Apache Tomcat 5.0.0Apache Tomcat 4.1.10Apache Tomcat 4.1.1Apache Tomcat 4.1.0Apache Tomcat 4.0.6Apache Tomcat 4.0.5Apache Tomcat 3.2.2Apache Tomcat 3.2.1Apache Tomcat 3.2Apache Tomcat 5.5.24Apache Tomcat 5.5.18Apache Tomcat 5.5.16Apache Tomcat 5.5.1Apache Tomcat 5.0.9Apache Tomcat 5.0.4Apache Tomcat 5.0.3Apache Tomcat 5.0.23Apache Tomcat 5.0.21Apache Tomcat 5.0.14Apache Tomcat 5.0.12Apache Tomcat 5Apache Tomcat 4.1.36Apache Tomcat 4.1.2Apache Tomcat 4.1.12Apache Tomcat 4.0.3Apache Tomcat 4.0.1Apache Tomcat 3.3.1Apache Tomcat 3.2.4Apache Tomcat 3.1Apache Tomcat 1.1.3Apache Tomcat 5.5.9
NA
CVE-2007-2450
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to...
Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.28Apache Tomcat 4.1.3Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.19Apache Tomcat 5.0.2Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.0.8Apache Tomcat 5.0.9Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 4.0.0Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.31Apache Tomcat 5.0.13Apache Tomcat 5.0.14Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.29Apache Tomcat 5.0.3Apache Tomcat 5.0.30Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.3Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.1.2Apache Tomcat 4.1.24Apache Tomcat 5.0.1Apache Tomcat 5.0.10Apache Tomcat 5.0.17Apache Tomcat 5.0.18Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.0.6Apache Tomcat 5.0.7Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.2Apache Tomcat 5.5.20Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 6.0.12Apache Tomcat 6.0.13Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.0.0Apache Tomcat 5.0.15Apache Tomcat 5.0.16Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.0.4Apache Tomcat 5.0.5Apache Tomcat 5.5.10Apache Tomcat 5.5.11Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 6.0.10Apache Tomcat 6.0.11Apache Tomcat 6.0.6Apache Tomcat 6.0.7
NA
CVE-2007-3382
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct...
Apache Tomcat 4.1.1Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.0.30Apache Tomcat 5.0.4Apache Tomcat 5.5.1Apache Tomcat 5.5.10Apache Tomcat 5.5.18Apache Tomcat 5.5.19Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 3.3Apache Tomcat 4.1.2Apache Tomcat 4.1.24Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.0.5Apache Tomcat 5.0.6Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.2Apache Tomcat 5.5.20Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 3.3.2Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 4.1.31Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.2Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.29Apache Tomcat 5.0.3Apache Tomcat 5.0.9Apache Tomcat 5.5.0Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.9Apache Tomcat 6.0.0Apache Tomcat 6.0.4Apache Tomcat 6.0.5Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 4.1.28Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 6.0.13Apache Tomcat 6.0.2Apache Tomcat 6.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-31805dosCVE-2022-26727CVE-2022-26712CVE-2022-1529CVE-2022-20807template injectionCVE-2022-26690cross-site scripting
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook