Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 3.2.3 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote malicious users to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examp...
Apache Tomcat 3.2.4Apache Tomcat 3.2.3
NA
CVE-2003-0045
Jakarta Tomcat prior to 3.3.1a on certain Windows systems may allow remote malicious users to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
Apache Tomcat 3.2.1Apache Tomcat 3.2.3Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3.1
NA
CVE-2003-0042
Jakarta Tomcat prior to 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote malicious users to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3.1Apache Tomcat 3.2.1Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3
NA
CVE-2003-0043
Jakarta Tomcat prior to 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote malicious users to read portions of some files through the web.xml file.
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3.1Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.3
NA
CVE-2003-0044
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x up to and including 3.3.1a allow remote malicious users to insert arbitrary web script or HTML.
Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.3.1aApache Tomcat 3.2Apache Tomcat 3.2.1
NA
CVE-2005-0808
Apache Tomcat prior to 5.x allows remote malicious users to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.3.1aApache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.3Apache Tomcat 3.3.1
NA
CVE-2002-2006
The default installation of Apache Tomcat 4.0 up to and including 4.1 and 3.0 up to and including 3.3.1 allows remote malicious users to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
Apache Tomcat 3.1Apache Tomcat 3.2.1Apache Tomcat 3.2.4Apache Tomcat 3.0Apache Tomcat 4.0.3Apache Tomcat 4.0.1Apache Tomcat 4.1.0Apache Tomcat 3.1.1Apache Tomcat 4.0.2Apache Tomcat 4.0.0Apache Tomcat 3.2.3Apache Tomcat 3.2Apache Tomcat 3.3.1Apache Tomcat 3.3
NA
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and previous versions allows remote malicious users to read source code for server files via a direct request to the servlet.
Apache Tomcat 3.1Apache Tomcat 4.0.4Apache Tomcat 3.2.1Apache Tomcat 4.1.9Apache Tomcat 3.2.2Apache Tomcat 3.2.4Apache Tomcat 3.0Apache Tomcat 4.0.3Apache Tomcat 4.0.1Apache Tomcat 4.1.3Apache Tomcat 4.1.10Apache Tomcat 4.1.0Apache Tomcat 3.1.1Apache Tomcat 4.0.2Apache Tomcat 4.0.0Apache Tomcat 3.2.3Apache Tomcat 3.2Apache Tomcat 3.3.1Apache Tomcat 3.3
NA
CVE-2013-6357
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demons...
Apache Tomcat 3.1Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.36Apache Tomcat 3.2.1Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 5.0.8Apache Tomcat 5Apache TomcatApache Tomcat 5.0.19Apache Tomcat 5.5.12Apache Tomcat 5.0.14Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 3.2.2Apache Tomcat 5.5.10Apache Tomcat 5.0.22Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 5.0.7
NA
CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.
Apache Tomcat 5.5.27Apache Tomcat 3.1Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 3.2.1Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 5.0.8Apache Tomcat 5.0.19Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.0.14Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 3.2.2Apache Tomcat 5.5.10Apache Tomcat 5.0.22Apache Tomcat 5.5.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook