Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 4.1.3 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2002-1394
Apache Tomcat 4.0.5 and previous versions, when using both the invoker servlet and the default servlet, allows remote malicious users to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Apache Tomcat 4.0.4Apache Tomcat 4.1.9Apache Tomcat 4.0.3Apache Tomcat 4.0.1Apache Tomcat 4.1.3Apache Tomcat 4.1.10Apache Tomcat 4.1.0Apache Tomcat 4.0.2Apache Tomcat 4.0.5Apache Tomcat 4.0.0
NA
CVE-2007-3383
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 up to and including 4.0.6 and 4.1.0 up to and including 4.1.36 allows remote malicious users to inject arbitrary web script or HTML ...
Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.36Apache Tomcat 4.1.24Apache Tomcat 4.1.31Apache Tomcat 4.0.6Apache Tomcat 4.0.3Apache Tomcat 4.0.1Apache Tomcat 4.1.1Apache Tomcat 4.1.28Apache Tomcat 4.1.15Apache Tomcat 4.1.10Apache Tomcat 4.1.0Apache Tomcat 4.0.2Apache Tomcat 4.1.3Apache Tomcat 4.0.5Apache Tomcat 4.0.0
NA
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and previous versions allows remote malicious users to read source code for server files via a direct request to the servlet.
Apache Tomcat 3.1Apache Tomcat 4.0.4Apache Tomcat 3.2.1Apache Tomcat 4.1.9Apache Tomcat 3.2.2Apache Tomcat 3.2.4Apache Tomcat 3.0Apache Tomcat 4.0.3Apache Tomcat 4.0.1Apache Tomcat 4.1.3Apache Tomcat 4.1.10Apache Tomcat 4.1.0Apache Tomcat 3.1.1Apache Tomcat 4.0.2Apache Tomcat 4.0.0Apache Tomcat 3.2.3Apache Tomcat 3.2Apache Tomcat 3.3.1Apache Tomcat 3.3
NA
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 up to and including 4.1.31 allows remote malicious users to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable...
Apache Tomcat 4.1.2Apache Tomcat 4.1.21Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.4Apache Tomcat 4.1.27Apache Tomcat 4.1.30Apache Tomcat 4.1.7Apache Tomcat 4.1.11Apache Tomcat 4.1.18Apache Tomcat 4.1.14Apache Tomcat 4.1.19Apache Tomcat 4.1.31Apache Tomcat 4.1.16Apache Tomcat 4.1.29Apache Tomcat 4.1.22Apache Tomcat 4.1.5Apache Tomcat 4.1.26Apache Tomcat 4.1.13Apache Tomcat 4.1.8Apache Tomcat 4.1.17Apache Tomcat 5.5.0
NA
CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0, 5.0.0, 5.5.0 up to and including 5.5.25, and 6.0.0 up to and including 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write...
Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.21Apache Tomcat 4.1.24Apache Tomcat 4.1.25Apache Tomcat 4.1.4Apache Tomcat 4.1.27Apache Tomcat 4.1.30Apache Tomcat 4.1.7Apache Tomcat 4.1.11Apache Tomcat 4.1.18Apache Tomcat 4.1.14Apache Tomcat 4.1.19Apache Tomcat 4.1.31Apache Tomcat 4.1.16Apache Tomcat 4.1.29Apache Tomcat 4.1.22Apache Tomcat 4.0.6Apache Tomcat 4.1.5Apache Tomcat 4.1.26
NA
CVE-2008-2370
Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote malicious users to conduct dire...
Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 4.1.4Apache Tomcat 5.5.20
NA
CVE-2008-5515
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, 6.0.0 up to and including 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote maliciou...
Apache Tomcat 5.5.27Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 4.1.39Apache Tomcat 5.5.20
NA
CVE-2007-2450
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.36, 5.0.0 up to and including 5.0.30, 5.5.0 up to and including 5.5.24, and 6.0.0 up to and...
Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 5.0.8Apache Tomcat 5.0.19Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.0.14Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.0.22Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 5.0.7Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 6.0.4
NA
CVE-2009-0580
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when FORM authentication is used, allows remote malicious users to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pa...
Apache Tomcat 5.5.27Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26
NA
CVE-2009-0033
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote malicious users to cause a denial of service (application outage) via a crafted re...
Apache Tomcat 5.5.27Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook