Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4810
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote malicious users to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. N...
Hp Procurve Manager 3.20
Hp Procurve Manager 4.0
Hp Application Lifecycle Management -
Hp Identity Driven Manager 4.0
1 EDB exploit
NA
CVE-2013-1088
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote malicious users to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
Novell Imanager 2.7
Novell Imanager 2.7.4
Novell Imanager 2.7.3
Novell Imanager 2.7.1
Novell Imanager 2.7.5
Novell Imanager 2.7.2
Novell Imanager
NA
CVE-2012-3546
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.30, when FORM authentication is used, allows remote malicious users to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_...
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.9
Apache Tomcat 6.0.10
Apache Tomcat 6.0.31
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.1
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.32
Apache Tomcat 6.0.28
Apache Tomcat 6.0.14
Apache Tomcat 6.0.12
Apache Tomcat 6.0.18
NA
CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.32 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 6.0.6
Apache Tomcat 6.0.4
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.9
Apache Tomcat 6.0.10
Apache Tomcat 6.0.31
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.1
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.32
Apache Tomcat 6.0.28
Apache Tomcat 6.0.14
Apache Tomcat 6.0.12
Apache Tomcat 6.0.18
NA
CVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote malicious users to cause a denial of service (infinite loop) by terminating the connectio...
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 6.0.6
Apache Tomcat 6.0.4
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.9
Apache Tomcat 6.0.10
Apache Tomcat 6.0.31
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.1
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.32
Apache Tomcat 6.0.28
Apache Tomcat 6.0.14
Apache Tomcat 6.0.12
Apache Tomcat 6.0.18
NA
CVE-2012-5568
Apache Tomcat up to and including 7.0.x allows remote malicious users to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Apache Tomcat
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
2 Github repositories
NA
CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.35
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
NA
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote malicious users to bypass authentic...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.35
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
NA
CVE-2012-5887
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote malicio...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.35
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
NA
CVE-2012-2733
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.28 does not properly restrict the request-header size, which allows remote malicious users to cause a denial of service (memory consumptio...
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 6.0.6
Apache Tomcat 6.0.4
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.9
Apache Tomcat 6.0.10
Apache Tomcat 6.0.31
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.1
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.32
Apache Tomcat 6.0.28
Apache Tomcat 6.0.14
Apache Tomcat 6.0.12
Apache Tomcat 6.0.18
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »