apache tomcat 7.0.3 vulnerabilities and exploits

(subscribe to this query)

6.8

CVSSv2

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file....

6.8

CVSSv2

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote...

5

CVSSv2

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many...

Apache Tomcat 6.0.33 Apache Tomcat 6.0.34 Apache Tomcat 6.0.26 Apache Tomcat 6.0.25 Apache Tomcat 6.0.30 Apache Tomcat 6.0.29 Apache Tomcat 6.0.21 Apache Tomcat 6.0.20 Apache Tomcat 6.0.13 Apache Tomcat 6.0.12 Apache Tomcat 6.0.5 Apache Tomcat 6.0.4 Apache Tomcat 7.0.19 Apache Tomcat 7.0.18 Apache Tomcat 7.0.11 Apache Tomcat 7.0.10 Apache Tomcat 7.0.3 Apache Tomcat 7.0.2 Apache Tomcat 5.5.35 Apache Tomcat 6.0.28 Apache Tomcat 6.0.27 Apache Tomcat 6.0.19 Apache Tomcat 6.0.18 Apache Tomcat 6.0.11 Apache Tomcat 6.0.10 Apache Tomcat 6.0.3 Apache Tomcat 6.0.2 Apache Tomcat 7.0.17 Apache Tomcat 7.0.16 Apache Tomcat 7.0.9 Apache Tomcat 7.0.8 Apache Tomcat 7.0.1 Apache Tomcat 7.0.0 Apache Tomcat 6.0.17 Apache Tomcat 6.0.16 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.1 Apache Tomcat 6.0.0 Apache Tomcat 7.0.15 Apache Tomcat 7.0.14 Apache Tomcat 7.0.7 Apache Tomcat 7.0.6 Apache Tomcat 6.0.32 Apache Tomcat 6.0.31 Apache Tomcat 6.0.24 Apache Tomcat 6.0.23 Apache Tomcat 6.0.22 Apache Tomcat 6.0.15 Apache Tomcat 6.0.14 Apache Tomcat 6.0.7 Apache Tomcat 6.0.6 Apache Tomcat 7.0.22 Apache Tomcat 7.0.21 Apache Tomcat 7.0.20 Apache Tomcat 7.0.13 Apache Tomcat 7.0.12 Apache Tomcat 7.0.5 Apache Tomcat 7.0.41 EDB exploit available1 Metasploit module available1 Github repository available

2.6

CVSSv2

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during...

Apache Tomcat 6.0.15 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.33 Apache Tomcat 6.0.14 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.29 Apache Tomcat 6.0.2 Apache Tomcat 6.0.1 Apache Tomcat 6.0.27 Apache Tomcat 6.0.3 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.4 Apache Tomcat 6.0.0 Apache Tomcat 6.0.32 Apache Tomcat 6.0.13 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 6.0.17 Apache Tomcat 6.0.18 Apache Tomcat 6.0.26 Apache Tomcat 6.0.10 Apache Tomcat 6.0.20 Apache Tomcat 6.0.30 Apache Tomcat 6.0 Apache Tomcat 6.0.35 Apache Tomcat 6.0.28 Apache Tomcat 6.0.5 Apache Tomcat 6.0.24 Apache Tomcat 6.0.31 Apache Tomcat 7.0.5 Apache Tomcat 7.0.6 Apache Tomcat 7.0.21 Apache Tomcat 7.0.17 Apache Tomcat 7.0.14 Apache Tomcat 7.0.3 Apache Tomcat 7.0.12 Apache Tomcat 7.0.8 Apache Tomcat 7.0.23 Apache Tomcat 7.0.2 Apache Tomcat 7.0.0 Apache Tomcat 7.0.16 Apache Tomcat 7.0.7 Apache Tomcat 7.0.18 Apache Tomcat 7.0.15 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.4 Apache Tomcat 7.0.25 Apache Tomcat 7.0.13 Apache Tomcat 7.0.1 Apache Tomcat 7.0.20 Apache Tomcat 7.0.19 Apache Tomcat 7.0.22 Apache Tomcat 7.0.9

2.1

CVSSv2

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any...

Apache Tomcat 7.0.2 Apache Tomcat 7.0.49 Apache Tomcat 7.0.12 Apache Tomcat 7.0.20 Apache Tomcat 7.0.34 Apache Tomcat 7.0.8 Apache Tomcat 7.0.1 Apache Tomcat 7.0.5 Apache Tomcat 7.0.4 Apache Tomcat 7.0.22 Apache Tomcat 7.0.39 Apache Tomcat 7.0.26 Apache Tomcat 7.0.46 Apache Tomcat 7.0.28 Apache Tomcat 7.0.0 Apache Tomcat 7.0.50 Apache Tomcat 7.0.6 Apache Tomcat 7.0.18 Apache Tomcat 7.0.14 Apache Tomcat 7.0.48 Apache Tomcat 7.0.11 Apache Tomcat 7.0.23 Apache Tomcat 7.0.44 Apache Tomcat 7.0.7 Apache Tomcat 7.0.42 Apache Tomcat 7.0.37 Apache Tomcat 7.0.29 Apache Tomcat 7.0.45 Apache Tomcat 7.0.13 Apache Tomcat 7.0.47 Apache Tomcat 7.0.41 Apache Tomcat 7.0.31 Apache Tomcat 7.0.30 Apache Tomcat 7.0.15 Apache Tomcat 7.0.19 Apache Tomcat 7.0.16 Apache Tomcat 7.0.10 Apache Tomcat 7.0.36 Apache Tomcat 7.0.25 Apache Tomcat 7.0.35 Apache Tomcat 7.0.43 Apache Tomcat 7.0.32 Apache Tomcat 7.0.38 Apache Tomcat 7.0.21 Apache Tomcat 7.0.27 Apache Tomcat 7.0.24 Apache Tomcat 7.0.17 Apache Tomcat 7.0.40 Apache Tomcat 7.0.9 Apache Tomcat 7.0.3 Apache Tomcat 7.0.331 Github repository available

4.3

CVSSv2

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at...

Apache Tomcat 6.0 Apache Tomcat 6.0.14 Apache Tomcat 6.0.29 Apache Tomcat 6.0.33 Apache Tomcat 6.0.18 Apache Tomcat 6.0.1 Apache Tomcat 6.0.32 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.2 Apache Tomcat 6.0.4 Apache Tomcat 6.0.27 Apache Tomcat 6.0.3 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.28 Apache Tomcat 6.0.0 Apache Tomcat 6.0.5 Apache Tomcat 6.0.24 Apache Tomcat 6.0.31 Apache Tomcat 6.0.13 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 6.0.15 Apache Tomcat 6.0.30 Apache Tomcat 6.0.35 Apache Tomcat 6.0.17 Apache Tomcat 6.0.26 Apache Tomcat 6.0.10 Apache Tomcat 6.0.20 Apache Tomcat 7.0.5 Apache Tomcat 7.0.6 Apache Tomcat 7.0.17 Apache Tomcat 7.0.14 Apache Tomcat 7.0.3 Apache Tomcat 7.0.28 Apache Tomcat 7.0.22 Apache Tomcat 7.0.9 Apache Tomcat 7.0.13 Apache Tomcat 7.0.2 Apache Tomcat 7.0.1 Apache Tomcat 7.0.20 Apache Tomcat 7.0.4 Apache Tomcat 7.0.0 Apache Tomcat 7.0.7 Apache Tomcat 7.0.19 Apache Tomcat 7.0.15 Apache Tomcat 7.0.23 Apache Tomcat 7.0.25 Apache Tomcat 7.0.16 Apache Tomcat 7.0.21 Apache Tomcat 7.0.18 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.12 Apache Tomcat 7.0.8

5

CVSSv2

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a...

Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.17 Apache Tomcat 6.0.0 Apache Tomcat 6.0.2 Apache Tomcat 6.0.26 Apache Tomcat 6.0.10 Apache Tomcat 6.0.20 Apache Tomcat 6.0 Apache Tomcat 6.0.14 Apache Tomcat 6.0.29 Apache Tomcat 6.0.1 Apache Tomcat 6.0.27 Apache Tomcat 6.0.3 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.33 Apache Tomcat 6.0.4 Apache Tomcat 6.0.18 Apache Tomcat 6.0.32 Apache Tomcat 6.0.13 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 6.0.15 Apache Tomcat 6.0.30 Apache Tomcat 6.0.28 Apache Tomcat 6.0.5 Apache Tomcat 6.0.24 Apache Tomcat 6.0.31 Apache Tomcat 6.0.35 Apache Tomcat 7.0.6 Apache Tomcat 7.0.21 Apache Tomcat 7.0.18 Apache Tomcat 7.0.14 Apache Tomcat 7.0.10 Apache Tomcat 7.0.12 Apache Tomcat 7.0.4 Apache Tomcat 7.0.8 Apache Tomcat 7.0.13 Apache Tomcat 7.0.5 Apache Tomcat 7.0.20 Apache Tomcat 7.0.17 Apache Tomcat 7.0.0 Apache Tomcat 7.0.3 Apache Tomcat 7.0.22 Apache Tomcat 7.0.9 Apache Tomcat 7.0.15 Apache Tomcat 7.0.23 Apache Tomcat 7.0.11 Apache Tomcat 7.0.2 Apache Tomcat 7.0.25 Apache Tomcat 7.0.16 Apache Tomcat 7.0.1 Apache Tomcat 7.0.7 Apache Tomcat 7.0.19

5

CVSSv2

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a...

Apache Tomcat 5.5.30 Apache Tomcat 5.5.0 Apache Tomcat 5.5.8 Apache Tomcat 5.5.33 Apache Tomcat 5.5.18 Apache Tomcat 5.5.15 Apache Tomcat 5.5.3 Apache Tomcat 5.5.22 Apache Tomcat 5.5.2 Apache Tomcat 5.5.1 Apache Tomcat 5.5.28 Apache Tomcat 5.5.4 Apache Tomcat 5.5.29 Apache Tomcat 5.5.14 Apache Tomcat 5.5.11 Apache Tomcat 5.5.32 Apache Tomcat 5.5.20 Apache Tomcat 5.5.27 Apache Tomcat 5.5.9 Apache Tomcat 5.5.31 Apache Tomcat 5.5.17 Apache Tomcat 5.5.12 Apache Tomcat 5.5.24 Apache Tomcat 5.5.21 Apache Tomcat 5.5.19 Apache Tomcat 5.5.25 Apache Tomcat 5.5.10 Apache Tomcat 5.5.7 Apache Tomcat 5.5.6 Apache Tomcat 5.5.5 Apache Tomcat 5.5.16 Apache Tomcat 5.5.13 Apache Tomcat 5.5.23 Apache Tomcat 5.5.26 Apache Tomcat 6.0.15 Apache Tomcat 6.0.9 Apache Tomcat 6.0.29 Apache Tomcat 6.0.4 Apache Tomcat 6.0.27 Apache Tomcat 6.0.31 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.14 Apache Tomcat 6.0.6 Apache Tomcat 6.0.18 Apache Tomcat 6.0.1 Apache Tomcat 6.0.2 Apache Tomcat 6.0.32 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat 6.0.0 Apache Tomcat 6.0.5 Apache Tomcat 6.0.24 Apache Tomcat 6.0.13 Apache Tomcat 6.0.30 Apache Tomcat 6.0 Apache Tomcat 6.0.28 Apache Tomcat 6.0.17 Apache Tomcat 6.0.3 Apache Tomcat 6.0.26 Apache Tomcat 6.0.10 Apache Tomcat 6.0.20 Apache Tomcat 7.0.6 Apache Tomcat 7.0.1 Apache Tomcat 7.0.3 Apache Tomcat 7.0.7 Apache Tomcat 7.0.2 Apache Tomcat 7.0.0 Apache Tomcat 7.0.5 Apache Tomcat 7.0.4 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.9 Apache Tomcat 7.0.8

4.3

CVSSv2

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass...

Apache Tomcat 5.5.10 Apache Tomcat 5.5.1 Apache Tomcat 5.5.6 Apache Tomcat 5.5.5 Apache Tomcat 5.5.16 Apache Tomcat 5.5.13 Apache Tomcat 5.5.26 Apache Tomcat 5.5.32 Apache Tomcat 5.5.28 Apache Tomcat 5.5.27 Apache Tomcat 5.5.4 Apache Tomcat 5.5.29 Apache Tomcat 5.5.14 Apache Tomcat 5.5.11 Apache Tomcat 5.5.12 Apache Tomcat 5.5.20 Apache Tomcat 5.5.21 Apache Tomcat 5.5.0 Apache Tomcat 5.5.25 Apache Tomcat 5.5.33 Apache Tomcat 5.5.7 Apache Tomcat 5.5.18 Apache Tomcat 5.5.15 Apache Tomcat 5.5.22 Apache Tomcat 5.5.23 Apache Tomcat 5.5.30 Apache Tomcat 5.5.9 Apache Tomcat 5.5.8 Apache Tomcat 5.5.31 Apache Tomcat 5.5.17 Apache Tomcat 5.5.24 Apache Tomcat 5.5.3 Apache Tomcat 5.5.19 Apache Tomcat 5.5.2 Apache Tomcat 6.0.30 Apache Tomcat 6.0 Apache Tomcat 6.0.28 Apache Tomcat 6.0.17 Apache Tomcat 6.0.18 Apache Tomcat 6.0.14 Apache Tomcat 6.0.6 Apache Tomcat 6.0.1 Apache Tomcat 6.0.0 Apache Tomcat 6.0.32 Apache Tomcat 6.0.24 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 6.0.15 Apache Tomcat 6.0.9 Apache Tomcat 6.0.29 Apache Tomcat 6.0.27 Apache Tomcat 6.0.3 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.26 Apache Tomcat 6.0.2 Apache Tomcat 6.0.10 Apache Tomcat 6.0.20 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat 6.0.5 Apache Tomcat 6.0.4 Apache Tomcat 6.0.13 Apache Tomcat 6.0.31 Apache Tomcat 7.0.0 Apache Tomcat 7.0.4 Apache Tomcat 7.0.6 Apache Tomcat 7.0.1 Apache Tomcat 7.0.10 Apache Tomcat 7.0.7 Apache Tomcat 7.0.9 Apache Tomcat 7.0.11 Apache Tomcat 7.0.2 Apache Tomcat 7.0.8 Apache Tomcat 7.0.5 Apache Tomcat 7.0.3

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag....

Apache Tomcat 7.0.1 Apache Tomcat 7.0.2 Apache Tomcat 7.0.5 Apache Tomcat 7.0.0 Apache Tomcat 7.0.4 Apache Tomcat 7.0.3 Apache Tomcat 6.0.6 Apache Tomcat 6.0.11 Apache Tomcat 6.0.7 Apache Tomcat 6.0.4 Apache Tomcat 6.0.15 Apache Tomcat 6.0.20 Apache Tomcat 6.0.10 Apache Tomcat 6.0.29 Apache Tomcat 6.0.3 Apache Tomcat 6.0.9 Apache Tomcat 6.0.24 Apache Tomcat 6.0.17 Apache Tomcat 6.0 Apache Tomcat 6.0.28 Apache Tomcat 6.0.0 Apache Tomcat 6.0.14 Apache Tomcat 6.0.1 Apache Tomcat 6.0.12 Apache Tomcat 6.0.18 Apache Tomcat 6.0.5 Apache Tomcat 6.0.2 Apache Tomcat 6.0.13 Apache Tomcat 6.0.26 Apache Tomcat 6.0.19 Apache Tomcat 6.0.27 Apache Tomcat 6.0.16 Apache Tomcat 6.0.8 Apache Tomcat 5.5.27 Apache Tomcat 5.5.18 Apache Tomcat 5.5.12 Apache Tomcat 5.5.14 Apache Tomcat 5.5.10 Apache Tomcat 5.5.4 Apache Tomcat 5.5.7 Apache Tomcat 5.5.1 Apache Tomcat 5.5.11 Apache Tomcat 5.5.28 Apache Tomcat 5.5.6 Apache Tomcat 5.5.26 Apache Tomcat 5.5.20 Apache Tomcat 5.5.15 Apache Tomcat 5.5.5 Apache Tomcat 5.5.30 Apache Tomcat 5.5.21 Apache Tomcat 5.5.22 Apache Tomcat 5.5.3 Apache Tomcat 5.5.31 Apache Tomcat 5.5.9 Apache Tomcat 5.5.25 Apache Tomcat 5.5.2 Apache Tomcat 5.5.0 Apache Tomcat 5.5.13 Apache Tomcat 5.5.24 Apache Tomcat 5.5.8 Apache Tomcat 5.5.16 Apache Tomcat 5.5.17 Apache Tomcat 5.5.29 Apache Tomcat 5.5.19 Apache Tomcat 5.5.23

Get Started

« PREV 1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook