Vulmon
apache tomcat 7.0 vulnerabilities and exploits
CVSSv2: 7.2
CVE-2016-1240
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before...
Apache Tomcat 6.0
Apache Tomcat 7.0
Apache Tomcat 8.0
1 EDB exploit available
7 Github repositories available
CVSSv2: 4.3
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag....
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.10
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.9
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.28
Apache Tomcat 6.0.0
Apache Tomcat 6.0.14
Apache Tomcat 6.0.1
Apache Tomcat 6.0.12
Apache Tomcat 6.0.18
Apache Tomcat 6.0.5
Apache Tomcat 6.0.2
Apache Tomcat 6.0.13
Apache Tomcat 6.0.26
Apache Tomcat 6.0.19
Apache Tomcat 6.0.27
Apache Tomcat 6.0.16
Apache Tomcat 6.0.8
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
Apache Tomcat 5.5.25
Apache Tomcat 5.5.2
Apache Tomcat 5.5.0
Apache Tomcat 5.5.13
Apache Tomcat 5.5.24
Apache Tomcat 5.5.8
Apache Tomcat 5.5.16
Apache Tomcat 5.5.17
Apache Tomcat 5.5.29
Apache Tomcat 5.5.19
Apache Tomcat 5.5.23
CVSSv2: 6.8
CVE-2015-5346
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by...
Apache Tomcat 8.0.29
Apache Tomcat 8.0.28
Apache Tomcat 8.0.11
Apache Tomcat 8.0.12
Apache Tomcat 8.0.23
Apache Tomcat 8.0.24
Apache Tomcat 7.0.14
Apache Tomcat 7.0.16
Apache Tomcat 7.0.25
Apache Tomcat 7.0.26
Apache Tomcat 7.0.35
Apache Tomcat 7.0.37
Apache Tomcat 7.0.5
Apache Tomcat 7.0.50
Apache Tomcat 7.0.59
Apache Tomcat 7.0.6
Apache Tomcat 8.0.27
Apache Tomcat 8.0.0
Apache Tomcat 8.0.14
Apache Tomcat 8.0.15
Apache Tomcat 8.0.26
Apache Tomcat 7.0.65
Apache Tomcat 7.0.19
Apache Tomcat 7.0.2
Apache Tomcat 7.0.27
Apache Tomcat 7.0.28
Apache Tomcat 7.0.39
Apache Tomcat 7.0.4
Apache Tomcat 7.0.52
Apache Tomcat 7.0.53
Apache Tomcat 7.0.61
Apache Tomcat 7.0.62
Apache Tomcat 7.0.63
Apache Tomcat 8.0.17
Apache Tomcat 8.0.18
Apache Tomcat 7.0.0
Apache Tomcat 7.0.10
Apache Tomcat 7.0.20
Apache Tomcat 7.0.21
Apache Tomcat 7.0.29
Apache Tomcat 7.0.30
Apache Tomcat 7.0.32
Apache Tomcat 7.0.40
Apache Tomcat 7.0.41
Apache Tomcat 7.0.54
Apache Tomcat 7.0.55
Apache Tomcat 7.0.64
Apache Tomcat 9.0.0
Apache Tomcat 8.0.3
Apache Tomcat 8.0.1
Apache Tomcat 8.0.20
Apache Tomcat 8.0.21
Apache Tomcat 8.0.22
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
Apache Tomcat 7.0.22
Apache Tomcat 7.0.23
Apache Tomcat 7.0.33
Apache Tomcat 7.0.34
Apache Tomcat 7.0.42
Apache Tomcat 7.0.47
Apache Tomcat 7.0.56
Apache Tomcat 7.0.57
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Debian Debian Linux 8.0
Debian Debian Linux 7.0
1 Github repository available
CVSSv2: 4.6
CVE-2011-2481
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is...
Apache Tomcat 7.0.12
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.14
Apache Tomcat 7.0.11
Apache Tomcat 7.0.7
Apache Tomcat 7.0.13
Apache Tomcat 7.0.10
Apache Tomcat 7.0.9
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
CVSSv2: 5
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read...
Apache Tomcat 5.5.32
Apache Tomcat 5.5.33
Apache Tomcat 6.0.30
Apache Tomcat 6.0.31
Apache Tomcat 6.0.32
Apache Apache Commons Daemon 1.0.3
Apache Apache Commons Daemon 1.0.4
Apache Apache Commons Daemon 1.0.5
Apache Apache Commons Daemon 1.0.6
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.8
Apache Tomcat 7.0.9
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
Apache Tomcat 7.0.13
Apache Tomcat 7.0.14
Apache Tomcat 7.0.16
Apache Tomcat 7.0.17
Apache Tomcat 7.0.19
CVSSv2: 4
CVE-2016-0706
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass...
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Apache Tomcat 8.0.27
Apache Tomcat 7.0.67
Apache Tomcat 7.0.65
Apache Tomcat 8.0.18
Apache Tomcat 8.0.17
Apache Tomcat 8.0.0
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.56
Apache Tomcat 7.0.47
Apache Tomcat 7.0.42
Apache Tomcat 7.0.34
Apache Tomcat 7.0.33
Apache Tomcat 7.0.23
Apache Tomcat 7.0.22
Apache Tomcat 7.0.12
Apache Tomcat 7.0.11
Apache Tomcat 6.0.4
Apache Tomcat 6.0.39
Apache Tomcat 6.0.28
Apache Tomcat 6.0.26
Apache Tomcat 6.0.16
Apache Tomcat 6.0.14
Apache Tomcat 6.0.0
Apache Tomcat 8.0.29
Apache Tomcat 8.0.28
Apache Tomcat 8.0.21
Apache Tomcat 8.0.20
Apache Tomcat 8.0.1
Apache Tomcat 7.0.61
Apache Tomcat 7.0.6
Apache Tomcat 7.0.50
Apache Tomcat 7.0.5
Apache Tomcat 7.0.37
Apache Tomcat 7.0.35
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.16
Apache Tomcat 7.0.14
Apache Tomcat 6.0.41
Apache Tomcat 6.0.30
Apache Tomcat 6.0.29
Apache Tomcat 6.0.2
Apache Tomcat 6.0.18
Apache Tomcat 6.0.1
Apache Tomcat 8.0.30
Apache Tomcat 8.0.3
Apache Tomcat 8.0.23
Apache Tomcat 8.0.22
Apache Tomcat 8.0.12
Apache Tomcat 8.0.11
Apache Tomcat 7.0.63
Apache Tomcat 7.0.62
Apache Tomcat 7.0.53
Apache Tomcat 7.0.52
Apache Tomcat 7.0.4
Apache Tomcat 7.0.39
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.2
Apache Tomcat 7.0.19
Apache Tomcat 6.0.44
Apache Tomcat 6.0.43
Apache Tomcat 6.0.35
Apache Tomcat 6.0.33
Apache Tomcat 6.0.32
Apache Tomcat 6.0.10
Apache Tomcat 9.0.0
Apache Tomcat 8.0.26
Apache Tomcat 8.0.24
Apache Tomcat 8.0.15
Apache Tomcat 8.0.14
Apache Tomcat 7.0.64
Apache Tomcat 7.0.55
Apache Tomcat 7.0.54
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.32
Apache Tomcat 7.0.30
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.10
Apache Tomcat 7.0.0
Apache Tomcat 6.0.37
Apache Tomcat 6.0.36
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.13
Apache Tomcat 6.0.11
CVSSv2: 5
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a...
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.5
Apache Tomcat 7.0.1
Apache Tomcat 7.0.7
Apache Tomcat 7.0.6
Apache Tomcat 7.0.0
Apache Tomcat 7.0.9
Apache Tomcat 7.0.8
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.4
2 Github repositories available
CVSSv2: 5
CVE-2014-7810
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager...
Debian Debian Linux 7.0
Apache Tomcat 6.0.1
Apache Tomcat 6.0.10
Apache Tomcat 6.0.18
Apache Tomcat 6.0.19
Apache Tomcat 6.0.0
Apache Tomcat 6.0.13
Apache Tomcat 6.0.14
Apache Tomcat 6.0.2
Apache Tomcat 6.0.20
Apache Tomcat 6.0.30
Apache Tomcat 6.0.31
Apache Tomcat 6.0.4
Apache Tomcat 6.0.41
Apache Tomcat 6.0.7
Apache Tomcat 6.0.8
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.19
Apache Tomcat 7.0.2
Apache Tomcat 7.0.25
Apache Tomcat 7.0.26
Apache Tomcat 7.0.32
Apache Tomcat 7.0.33
Apache Tomcat 7.0.4
Apache Tomcat 7.0.40
Apache Tomcat 7.0.47
Apache Tomcat 7.0.48
Apache Tomcat 7.0.55
Apache Tomcat 7.0.56
Apache Tomcat 8.0.0
Apache Tomcat 8.0.12
Apache Tomcat 8.0.14
Apache Tomcat 6.0.15
Apache Tomcat 6.0.16
Apache Tomcat 6.0.17
Apache Tomcat 6.0.24
Apache Tomcat 6.0.26
Apache Tomcat 6.0.32
Apache Tomcat 6.0.33
Apache Tomcat 6.0.43
Apache Tomcat 6.0.5
Apache Tomcat 6.0.9
Apache Tomcat 7.0.12
Apache Tomcat 7.0.13
Apache Tomcat 7.0.20
Apache Tomcat 7.0.27
Apache Tomcat 7.0.28
Apache Tomcat 7.0.34
Apache Tomcat 7.0.35
Apache Tomcat 7.0.41
Apache Tomcat 7.0.42
Apache Tomcat 7.0.49
Apache Tomcat 7.0.5
Apache Tomcat 7.0.57
Apache Tomcat 7.0.6
Apache Tomcat 8.0.1
Apache Tomcat 8.0.3
Apache Tomcat 8.0.15
Apache Tomcat 6.0.27
Apache Tomcat 6.0.28
Apache Tomcat 6.0.35
Apache Tomcat 6.0.36
Apache Tomcat 6.0.6
Apache Tomcat 7.0.0
Apache Tomcat 7.0.14
Apache Tomcat 7.0.15
Apache Tomcat 7.0.21
Apache Tomcat 7.0.22
Apache Tomcat 7.0.29
Apache Tomcat 7.0.3
Apache Tomcat 7.0.36
Apache Tomcat 7.0.37
Apache Tomcat 7.0.43
Apache Tomcat 7.0.44
Apache Tomcat 7.0.50
Apache Tomcat 7.0.52
Apache Tomcat 7.0.7
Apache Tomcat 7.0.8
Apache Tomcat 7.0.9
Apache Tomcat 8.0.5
Apache Tomcat 8.0.8
Apache Tomcat 6.0.11
Apache Tomcat 6.0.12
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.37
Apache Tomcat 6.0.39
Apache Tomcat 7.0.1
Apache Tomcat 7.0.16
Apache Tomcat 7.0.17
Apache Tomcat 7.0.18
Apache Tomcat 7.0.23
Apache Tomcat 7.0.24
Apache Tomcat 7.0.30
Apache Tomcat 7.0.31
Apache Tomcat 7.0.38
Apache Tomcat 7.0.39
Apache Tomcat 7.0.45
Apache Tomcat 7.0.46
Apache Tomcat 7.0.53
Apache Tomcat 7.0.54
Apache Tomcat 8.0.9
Apache Tomcat 8.0.11
CVSSv2: 6.8
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and...
Apache Tomcat 7.0.0
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 7.0.6
Apache Tomcat 7.0.14
Apache Tomcat 7.0.15
Apache Tomcat 7.0.22
Apache Tomcat 7.0.23
Apache Tomcat 7.0.30
Apache Tomcat 7.0.31
Apache Tomcat 7.0.39
Apache Tomcat 7.0.40
Apache Tomcat 7.0.47
Apache Tomcat 7.0.48
Apache Tomcat 7.0.57
Apache Tomcat 7.0.58
Apache Tomcat 7.0.59
Apache Tomcat 7.0.66
Apache Tomcat 7.0.67
Apache Tomcat 7.0.74
Apache Tomcat 7.0.75
Apache Tomcat 7.0
Apache Tomcat 7.0.4
Apache Tomcat 7.0.12
Apache Tomcat 7.0.13
Apache Tomcat 7.0.20
Apache Tomcat 7.0.21
Apache Tomcat 7.0.28
Apache Tomcat 7.0.29
Apache Tomcat 7.0.37
Apache Tomcat 7.0.38
Apache Tomcat 7.0.45
Apache Tomcat 7.0.46
Apache Tomcat 7.0.55
Apache Tomcat 7.0.56
Apache Tomcat 7.0.64
Apache Tomcat 7.0.65
Apache Tomcat 7.0.72
Apache Tomcat 7.0.73
Apache Tomcat 7.0.2
Apache Tomcat 7.0.7
Apache Tomcat 7.0.8
Apache Tomcat 7.0.16
Apache Tomcat 7.0.17
Apache Tomcat 7.0.24
Apache Tomcat 7.0.25
Apache Tomcat 7.0.32
Apache Tomcat 7.0.33
Apache Tomcat 7.0.34
Apache Tomcat 7.0.41
Apache Tomcat 7.0.42
Apache Tomcat 7.0.49
Apache Tomcat 7.0.50
Apache Tomcat 7.0.60
Apache Tomcat 7.0.61
Apache Tomcat 7.0.68
Apache Tomcat 7.0.69
Apache Tomcat 7.0.76
Apache Tomcat 7.0.77
Apache Tomcat 7.0.3
Apache Tomcat 7.0.9
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.18
Apache Tomcat 7.0.19
Apache Tomcat 7.0.26
Apache Tomcat 7.0.27
Apache Tomcat 7.0.35
Apache Tomcat 7.0.36
Apache Tomcat 7.0.43
Apache Tomcat 7.0.44
Apache Tomcat 7.0.51
Apache Tomcat 7.0.54
Apache Tomcat 7.0.62
Apache Tomcat 7.0.63
Apache Tomcat 7.0.70
Apache Tomcat 7.0.71
Apache Tomcat 7.0.79
1 EDB exploit available
80 Github repositories available
1 Article available
CVSSv2: 6.5
CVE-2016-0763
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Apache Tomcat 8.0.30
Apache Tomcat 8.0.3
Apache Tomcat 8.0.24
Apache Tomcat 8.0.23
Apache Tomcat 8.0.12
Apache Tomcat 8.0.11
Apache Tomcat 7.0.63
Apache Tomcat 7.0.62
Apache Tomcat 7.0.54
Apache Tomcat 7.0.53
Apache Tomcat 7.0.4
Apache Tomcat 8.0.27
Apache Tomcat 7.0.67
Apache Tomcat 8.0.20
Apache Tomcat 8.0.18
Apache Tomcat 8.0.17
Apache Tomcat 8.0.0
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.47
Apache Tomcat 7.0.42
Apache Tomcat 7.0.34
Apache Tomcat 7.0.33
Apache Tomcat 7.0.25
Apache Tomcat 7.0.23
Apache Tomcat 7.0.12
Apache Tomcat 7.0.11
Apache Tomcat 9.0.0
Apache Tomcat 7.0.65
Apache Tomcat 8.0.26
Apache Tomcat 8.0.15
Apache Tomcat 8.0.14
Apache Tomcat 7.0.64
Apache Tomcat 7.0.56
Apache Tomcat 7.0.55
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.32
Apache Tomcat 7.0.30
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.10
Apache Tomcat 7.0.0
Apache Tomcat 7.0.39
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.20
Apache Tomcat 7.0.2
Apache Tomcat 8.0.29
Apache Tomcat 8.0.28
Apache Tomcat 8.0.22
Apache Tomcat 8.0.21
Apache Tomcat 8.0.1
Apache Tomcat 7.0.61
Apache Tomcat 7.0.6
Apache Tomcat 7.0.52
Apache Tomcat 7.0.50
Apache Tomcat 7.0.5
Apache Tomcat 7.0.37
Apache Tomcat 7.0.35
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.19
Apache Tomcat 7.0.16
Apache Tomcat 7.0.14
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10