Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 6.0.6 vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2011-1571
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote malicious users to execute arbitrary commands via unknown vectors.
Liferay Liferay Portal
1 EDB exploit
1 Github repository
356
VMScore
CVE-2011-1502
Liferay Portal Community Edition (CE) 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
Liferay Liferay Portal
312
VMScore
CVE-2011-1503
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Liferay Liferay Portal
312
VMScore
CVE-2011-1570
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
Liferay Liferay Portal
383
VMScore
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 prior to 5.5.32, 6.0 prior to 6.0.30, and 7.0 prior to 7.0.6 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.10
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.9
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.28
Apache Tomcat 6.0.0
Apache Tomcat 6.0.14
445
VMScore
CVE-2011-0534
Apache Tomcat 7.0.0 up to and including 7.0.6 and 6.0.0 up to and including 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote malicious users to cause a denial of service (OutOfMemoryError) via a crafted request...
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.10
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.9
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0.28
Apache Tomcat 6.0.0
Apache Tomcat 6.0.14
107
VMScore
CVE-2010-3718
Apache Tomcat 7.0.0 up to and including 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated usin...
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.0
Apache Tomcat 7.0.3
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.10
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.9
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.28
Apache Tomcat 6.0.0
Apache Tomcat 6.0.14
Apache Tomcat 6.0.1
Apache Tomcat 6.0.12
1 Github repository
570
VMScore
CVE-2010-4312
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote malicious users to hijack a session via script access to a cookie.
Apache Tomcat 6.0.15
Apache Tomcat 6.0
Apache Tomcat 6.0.28
Apache Tomcat 6.0.17
Apache Tomcat 6.0.18
Apache Tomcat 6.0.2
Apache Tomcat 6.0.26
Apache Tomcat 6.0.19
Apache Tomcat 6.0.16
Apache Tomcat 6.0.14
Apache Tomcat 6.0.6
Apache Tomcat 6.0.1
Apache Tomcat 6.0.0
Apache Tomcat 6.0.13
Apache Tomcat 6.0.24
Apache Tomcat 6.0.9
Apache Tomcat 6.0.29
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.10
Apache Tomcat 6.0.20
Apache Tomcat 6.0.7
720
VMScore
CVE-2010-2227
Apache Tomcat 5.5.0 up to and including 5.5.29, 6.0.0 up to and including 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote malicious users to cause a denial of service (application outage) or obtain sensitive information via...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.9
Apache Tomcat 5.5.25
Apache Tomcat 5.5.2
Apache Tomcat 5.5.0
265
VMScore
CVE-2010-1157
Apache Tomcat 5.5.0 up to and including 5.5.29 and 6.0.0 up to and including 6.0.26 might allow remote malicious users to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading t...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.9
Apache Tomcat 5.5.25
Apache Tomcat 5.5.2
Apache Tomcat 5.5.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »