apache tomcat 4.1.0 vulnerabilities and exploits
4.3
CVSSv2
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.31, 5.0.0 up to and including 5.0.30, and 5.5.0 up to and including 5.5.15 allows remote malicious users to inject arbitrar...
Apache Tomcat
Apache Tomcat 4.0.0
Apache Tomcat 4.0.1
Apache Tomcat 4.0.2
Apache Tomcat 4.0.3
Apache Tomcat 4.0.4
Apache Tomcat 4.0.5
Apache Tomcat 4.0.6
Apache Tomcat 5.0.0
Apache Tomcat 5.0.1
Apache Tomcat 5.0.2
Apache Tomcat 5.0.3
1 EDB exploit
7.5
CVSSv2
CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.
Apache Tomcat 3.0
Apache Tomcat 3.1
Apache Tomcat 3.1.1
Apache Tomcat 3.2
Apache Tomcat 3.2.1
Apache Tomcat 3.2.2
Apache Tomcat 3.2.3
Apache Tomcat 3.2.4
Apache Tomcat 3.3
Apache Tomcat 3.3.1
Apache Tomcat 3.3.1a
Apache Tomcat 3.3.2
2 EDB exploits
1 Github repository
2.6
CVSSv2
CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included...
Apache Mod Jk 1.2
Apache Mod Jk 1.2.1
Apache Mod Jk 1.2.6
Apache Mod Jk 1.2.7
Apache Mod Jk 1.2.8
Apache Mod Jk 1.2.9
Apache Mod Jk 1.2.10
Apache Mod Jk 1.2.11
Apache Mod Jk 1.2.12
Apache Mod Jk 1.2.13
Apache Mod Jk 1.2.14
Apache Mod Jk 1.2.14.1
4.3
CVSSv2
CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16 allows remote malicious users to inject arbitrary web script or HTML via a crafted string that is used in the message...
Apache Tomcat
1 EDB exploit
5
CVSSv2
CVE-2007-5333
Apache Tomcat 6.0.0 up to and including 6.0.14, 5.5.0 up to and including 5.5.25, and 4.1.0 up to and including 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information...
Apache Tomcat
1 EDB exploit
4.6
CVSSv2
CVE-2009-0783
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, o...
Apache Tomcat
4.3
CVSSv2
CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when allowLinking and UTF-8 are enabled, allows remote malicious users to read arbitrary files via encoded directory traver...
Apache Tomcat
2 EDB exploits
2 Metasploit modules
1 Github repository
2.6
CVSSv2
CVE-2005-3164
The AJP connector in Apache Tomcat 4.0.1 up to and including 4.0.6 and 4.1.0 up to and including 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which...
Hitachi Cosminexus Application Server 05 00 05 05 E
Hitachi Cosminexus Application Server 05 00 05 05 F
Hitachi Cosminexus Application Server 05 00 05 05 H
Hitachi Cosminexus Application Server 05 00 05 05 K
Apache Tomcat
5
CVSSv2
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ign...
Apache Tomcat
Apache Tomee 8.0.6
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Agile Plm 9.3.6
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Diameter Signaling Router
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Policy Management 12.5.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Communications Session Report Manager
5
CVSSv2
CVE-2016-9879
An issue exists in Pivotal Spring Security prior to 3.2.10, 4.1.x prior to 4.1.4, and 4.2.x prior to 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an at...
Vmware Spring Security 3.2.0
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.2
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.4
Vmware Spring Security 3.2.5
Vmware Spring Security 3.2.6
Vmware Spring Security 3.2.7
Vmware Spring Security 3.2.8
Vmware Spring Security 3.2.9
Vmware Spring Security 4.1.0
Vmware Spring Security 4.1.1