tomcat vulnerabilities and exploits
7.8
CVSSv2
CVE-2018-0058
Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) client route processing on MX Series subscriber management platforms, introduced by t...
Juniper Junos 15.1
Juniper Junos 16.1
Juniper Junos 16.2
Juniper Junos 17.1
Juniper Junos 17.2
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
Juniper Junos 18.2
7.8
CVSSv2
CVE-2014-0230
Apache Tomcat 6.x prior to 6.0.44, 7.x prior to 7.0.55, and 8.x prior to 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote malicious users to cause a denial of service (thread consumption...
Apache Tomcat 7.0.2
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 7.0.49
Apache Tomcat 6.0.39
Apache Tomcat 7.0.12
Apache Tomcat 6.0.6
Apache Tomcat 7.0.53
Apache Tomcat 6.0.4
Apache Tomcat 7.0.20
Apache Tomcat 6.0.11
Apache Tomcat 7.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 7.0.4
Apache Tomcat 6.0.7
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
Apache Tomcat 8.0.5
1 Github repository
7.8
CVSSv2
CVE-2013-1222
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software prior to 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote malicious users to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request,...
Cisco Unified Customer Voice Portal 3.0
Cisco Unified Customer Voice Portal 4.0(2)
Cisco Unified Customer Voice Portal 3.6(10)
Cisco Unified Customer Voice Portal
Cisco Unified Customer Voice Portal 7.0(2)
Cisco Unified Customer Voice Portal 8.5(1)
Cisco Unified Customer Voice Portal 9.0
Cisco Unified Customer Voice Portal 4.0
Cisco Unified Customer Voice Portal 7.0
Cisco Unified Customer Voice Portal 8.0(1)
Cisco Unified Customer Voice Portal 4.1
7.8
CVSSv2
CVE-2006-7197
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote malicious users to read portions of sensitive memory.
Apache Tomcat 5.5.15
7.8
CVSSv2
CVE-2006-4517
Novell iManager 2.5 and 2.0.2 allows remote malicious users to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.
Novell Imanager 2.0.2
Novell Imanager 2.0
Novell Imanager 1.5
Novell Imanager
7.8
CVSSv2
CVE-2005-4836
The HTTP/1.1 connector in Apache Tomcat 4.1.15 up to and including 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote malicious users to read JSP source files and obtain sensitive information.
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.21
Apache Tomcat 4.1.24
Apache Tomcat 4.1.25
Apache Tomcat 4.1.39
Apache Tomcat 4.1.27
Apache Tomcat 4.1.30
Apache Tomcat 4.1.18
Apache Tomcat 4.1.40
Apache Tomcat 4.1.19
Apache Tomcat 4.1.28
Apache Tomcat 4.1.31
Apache Tomcat 4.1.16
Apache Tomcat 4.1.29
Apache Tomcat 4.1.22
Apache Tomcat 4.1.26
Apache Tomcat 4.1.17
Apache Tomcat 4.1.33
Apache Tomcat 4.1.15
Apache Tomcat 4.1.20
Apache Tomcat 4.1.23
7.8
CVSSv2
CVE-2002-2272
Tomcat 4.0 up to and including 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 up to and including 1.3.27, allows remote malicious users to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...
Apache Tomcat 4.1.2
Apache Tomcat 4.0.4
Apache Tomcat 4.1.9
Apache Http Server 1.3.23
Apache Http Server 1.3.27
Apache Http Server 1.3.10
Apache Http Server 1.3.16
Apache Http Server 1.3.1
Apache Http Server 1.3.25
Apache Http Server 1.3.19
Apache Http Server 1.3.24
Apache Http Server 1.3.20
Apache Http Server 1.3.2
Apache Tomcat 4.0.6
Apache Http Server 1.3.13
Apache Tomcat 4.0.3
Apache Http Server 1.3.18
Apache Tomcat 4.0.1
Apache Http Server 1.3.0
Apache Http Server 1.3
Apache Http Server 1.3.12
Apache Tomcat 4.1.1
1 EDB exploit
7.5
CVSSv2
CVE-2022-25762
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The e...
Apache Tomcat
Oracle Agile Plm 9.3.6
7.5
CVSSv2
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
175 Github repositories
7 Articles
7.5
CVSSv2
CVE-2021-45877
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows malicious users to gain authorized access and fully control Tomcat on port 8000 through the Tomcat manager page.
Garo Wallbox Gtb Firmware
Garo Wallbox Gtc Firmware
Garo Wallbox Glb Firmware