Vulmon
apache tomcat vulnerabilities and exploits
668
VMScore
CVE-2016-5526
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote malicious users to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat.
Oracle Agile Product Lifecycle Management Framework 9.3.4
Oracle Agile Product Lifecycle Management Framework 9.3.5
668
VMScore
CVE-2011-3190
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 up to and including 7.0.20, 6.0.0 up to and including 6.0.33, 5.5.0 up to and including 5.5.33, and possibly other versions allow remote malicious users to spoof AJP requests, bypass authentication, and obtain ...
Apache Tomcat 7.0.12
Apache Tomcat 7.0.20
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.14
Apache Tomcat 7.0.11
Apache Tomcat 7.0.7
Apache Tomcat 7.0.13
Apache Tomcat 7.0.19
Apache Tomcat 7.0.16
Apache Tomcat 7.0.10
Apache Tomcat 7.0.17
Apache Tomcat 7.0.9
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 6.0.33
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
668
VMScore
CVE-2010-4368
awstats.cgi in AWStats prior to 7.0 on Windows accepts a configdir parameter in the URL, which allows remote malicious users to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
Awstats Awstats 6.4
Awstats Awstats 6.4 1
Awstats Awstats 2.2.3
Awstats Awstats 4.1
Awstats Awstats 5.9
Awstats Awstats 5.7
Awstats Awstats 5.0
Awstats Awstats
Awstats Awstats 3.0
Awstats Awstats 6.5
Awstats Awstats 2.1.
Awstats Awstats 6.5 1
Awstats Awstats 5.5
Awstats Awstats 5.4
Awstats Awstats 5.3
Awstats Awstats 5.2
Awstats Awstats 3.2
Awstats Awstats 6.2
Awstats Awstats 3.1
Awstats Awstats 6.3
Awstats Awstats 6.9
Awstats Awstats 6.6
668
VMScore
CVE-2002-1394
Apache Tomcat 4.0.5 and previous versions, when using both the invoker servlet and the default servlet, allows remote malicious users to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Apache Tomcat 4.0.4
Apache Tomcat 4.1.9
Apache Tomcat 4.0.3
Apache Tomcat 4.0.1
Apache Tomcat 4.1.3
Apache Tomcat 4.1.10
Apache Tomcat 4.1.0
Apache Tomcat 4.0.2
Apache Tomcat 4.0.5
Apache Tomcat 4.0.0
668
VMScore
CVE-2002-0493
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow malicious users to bypass intended restrictions.
Apache Tomcat
668
VMScore
CVE-2001-1563
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows malicious users to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
Apache Tomcat 3.2.1
Hp Secure Os 1.0
645
VMScore
CVE-2000-0759
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
Apache Tomcat 3.1
1 EDB exploit
645
VMScore
CVE-2000-0760
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
Apache Tomcat 3.1
Apache Tomcat 3.0
1 EDB exploit
641
VMScore
CVE-2020-8022
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux ...
Apache Tomcat
Opensuse Leap 15.1
641
VMScore
CVE-2016-9774
The postinst script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u4 on Debian wheezy, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u8 on Debian wheezy, prior to 7.0.56-3+deb8u6 on Debian jessie, prior to 7....
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
Apache Tomcat 7.0
Apache Tomcat 8.0
Apache Tomcat 6.0