Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 7.0.13 vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2011-1582
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists...
Apache Tomcat 7.0.12Apache Tomcat 7.0.13
NA
CVE-2011-2481
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is...
Apache Tomcat 7.0.12Apache Tomcat 7.0.8Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.5Apache Tomcat 7.0.0Apache Tomcat 7.0.6Apache Tomcat 7.0.14Apache Tomcat 7.0.11Apache Tomcat 7.0.7Apache Tomcat 7.0.13Apache Tomcat 7.0.10Apache Tomcat 7.0.9Apache Tomcat 7.0.4Apache Tomcat 7.0.3
NA
CVE-2011-3376
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager...
Apache Tomcat 7.0.0Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.17Apache Tomcat 7.0.15Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.20Apache Tomcat 7.0.21
NA
CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read...
Apache Tomcat 5.5.32Apache Tomcat 5.5.33Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Apache Commons Daemon 1.0.3Apache Apache Commons Daemon 1.0.4Apache Apache Commons Daemon 1.0.5Apache Apache Commons Daemon 1.0.6Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.19
NA
CVE-2013-2071
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for...
Apache Tomcat 7.0.15Apache Tomcat 7.0.30Apache Tomcat 7.0.23Apache Tomcat 7.0.11Apache Tomcat 7.0.0Apache Tomcat 7.0.4Apache Tomcat 7.0.25Apache Tomcat 7.0.13Apache Tomcat 7.0.2Apache Tomcat 7.0.1Apache Tomcat 7.0.16Apache Tomcat 7.0.7Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.20Apache Tomcat 7.0.17Apache Tomcat 7.0.3Apache Tomcat 7.0.19Apache Tomcat 7.0.22Apache Tomcat 7.0.21Apache Tomcat 7.0.18Apache Tomcat 7.0.14Apache Tomcat 7.0.10Apache Tomcat 7.0.28Apache Tomcat 7.0.12Apache Tomcat 7.0.9Apache Tomcat 7.0.8Apache Tomcat 7.0.32
NA
CVE-2011-3375
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic...
Apache Tomcat 6.0.33Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Tomcat 7.0.15Apache Tomcat 7.0.14Apache Tomcat 7.0.6Apache Tomcat 7.0.5Apache Tomcat 7.0.21Apache Tomcat 7.0.20Apache Tomcat 7.0.13Apache Tomcat 7.0.12Apache Tomcat 7.0.11Apache Tomcat 7.0.4Apache Tomcat 7.0.3Apache Tomcat 7.0.19Apache Tomcat 7.0.18Apache Tomcat 7.0.10Apache Tomcat 7.0.9Apache Tomcat 7.0.2Apache Tomcat 7.0.1Apache Tomcat 7.0.17Apache Tomcat 7.0.16Apache Tomcat 7.0.8Apache Tomcat 7.0.7Apache Tomcat 7.0.0
NA
CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file....
Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.19Apache Tomcat 7.0.2Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.4Apache Tomcat 7.0.1Apache Tomcat 7.0.10Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache TomcatApache Tomcat 7.0.0Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.3Apache Tomcat 7.0.30Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.20Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.35Apache Tomcat 7.0.36
NA
CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote...
Apache Tomcat 6.0.33Apache Tomcat 6.0.21Apache Tomcat 6.0.31Apache Tomcat 6.0.29Apache Tomcat 6.0.24Apache Tomcat 6.0.32Apache Tomcat 6.0.28Apache Tomcat 6.0.30Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 6.0.35Apache Tomcat 6.0.36Apache Tomcat 7.0.2Apache Tomcat 7.0.12Apache Tomcat 7.0.20Apache Tomcat 7.0.8Apache Tomcat 7.0.1Apache Tomcat 7.0.5Apache Tomcat 7.0.4Apache Tomcat 7.0.22Apache Tomcat 7.0.28Apache Tomcat 7.0.0Apache Tomcat 7.0.6Apache Tomcat 7.0.18Apache Tomcat 7.0.14Apache Tomcat 7.0.11Apache Tomcat 7.0.23Apache Tomcat 7.0.7Apache Tomcat 7.0.13Apache Tomcat 7.0.30Apache Tomcat 7.0.15Apache Tomcat 7.0.19Apache Tomcat 7.0.16Apache Tomcat 7.0.10Apache Tomcat 7.0.25Apache Tomcat 7.0.32Apache Tomcat 7.0.21Apache Tomcat 7.0.17Apache Tomcat 7.0.9Apache Tomcat 7.0.3
NA
CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier....
Apache Tomcat 6.0.15Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.4Apache Tomcat 6.0.28Apache Tomcat 6.0.1Apache Tomcat 6.0.0Apache Tomcat 6.0.32Apache Tomcat 6.0.13Apache Tomcat 6.0.24Apache Tomcat 6.0.16Apache Tomcat 6.0.14Apache Tomcat 6.0.6Apache Tomcat 6.0.29Apache Tomcat 6.0.7Apache Tomcat 6.0.17Apache Tomcat 6.0.27Apache Tomcat 6.0.3Apache Tomcat 6.0.11Apache Tomcat 6.0.10Apache Tomcat 6.0.30Apache Tomcat 6.0Apache Tomcat 6.0.35Apache Tomcat 6.0.2Apache Tomcat 6.0.5Apache Tomcat 6.0.31Apache Tomcat 6.0.12Apache Tomcat 6.0.33Apache Tomcat 6.0.18Apache Tomcat 6.0.26Apache Tomcat 6.0.20Apache Tomcat 6.0.19Apache Tomcat 7.0.23Apache Tomcat 7.0.2Apache Tomcat 7.0.6Apache Tomcat 7.0.21Apache Tomcat 7.0.17Apache Tomcat 7.0.14Apache Tomcat 7.0.28Apache Tomcat 7.0.12Apache Tomcat 7.0.9Apache Tomcat 7.0.8Apache Tomcat 7.0.13Apache Tomcat 7.0.5Apache Tomcat 7.0.1Apache Tomcat 7.0.20Apache Tomcat 7.0.0Apache Tomcat 7.0.3Apache Tomcat 7.0.19Apache Tomcat 7.0.22Apache Tomcat 7.0.4Apache Tomcat 7.0.16Apache Tomcat 7.0.7Apache Tomcat 7.0.18Apache Tomcat 7.0.15Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.25Apache Tomcat 7.0.30
NA
CVE-2012-3544
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data....
Apache Tomcat 6.0.33Apache Tomcat 6.0.0Apache Tomcat 6.0.6Apache Tomcat 6.0.4Apache Tomcat 6.0.11Apache Tomcat 6.0.7Apache Tomcat 6.0.15Apache Tomcat 6.0.20Apache Tomcat 6.0.9Apache Tomcat 6.0.10Apache Tomcat 6.0.31Apache Tomcat 6.0.29Apache Tomcat 6.0.3Apache Tomcat 6.0.1Apache Tomcat 6.0.24Apache Tomcat 6.0.17Apache Tomcat 6.0Apache Tomcat 6.0.32Apache Tomcat 6.0.28Apache Tomcat 6.0.14Apache Tomcat 6.0.12Apache Tomcat 6.0.18Apache Tomcat 6.0.2Apache Tomcat 6.0.5Apache Tomcat 6.0.30Apache Tomcat 6.0.13Apache Tomcat 6.0.8Apache Tomcat 6.0.26Apache Tomcat 6.0.19Apache Tomcat 6.0.27Apache Tomcat 6.0.35Apache Tomcat 6.0.16Apache Tomcat 6.0.36Apache Tomcat 7.0.2Apache Tomcat 7.0.12Apache Tomcat 7.0.20Apache Tomcat 7.0.8Apache Tomcat 7.0.1Apache Tomcat 7.0.5Apache Tomcat 7.0.4Apache Tomcat 7.0.22Apache Tomcat 7.0.28Apache Tomcat 7.0.0Apache Tomcat 7.0.6Apache Tomcat 7.0.18Apache Tomcat 7.0.14Apache Tomcat 7.0.11Apache Tomcat 7.0.23Apache Tomcat 7.0.7Apache Tomcat 7.0.13Apache Tomcat 7.0.15Apache Tomcat 7.0.19Apache Tomcat 7.0.16Apache Tomcat 7.0.10Apache Tomcat 7.0.25Apache Tomcat 7.0.21Apache Tomcat 7.0.17Apache Tomcat 7.0.9Apache Tomcat 7.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-4518malicious code‎validationCVE-2023-42916template injectionCVE-2023-41266CVE-2023-43089CVE-2023-5995CVE-2023-21746
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook