Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache tomcat 5.5.0 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2011-3190
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 up to and including 7.0.20, 6.0.0 up to and including 6.0.33, 5.5.0 up to and including 5.5.33, and possibly other versions allow remote malicious users to spoof AJP requests, bypass authentication, and obtain ...
Apache Tomcat 7.0.12Apache Tomcat 7.0.20Apache Tomcat 7.0.8Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.5Apache Tomcat 7.0.0Apache Tomcat 7.0.6Apache Tomcat 7.0.14Apache Tomcat 7.0.11Apache Tomcat 7.0.7Apache Tomcat 7.0.13Apache Tomcat 7.0.19Apache Tomcat 7.0.16Apache Tomcat 7.0.10Apache Tomcat 7.0.17Apache Tomcat 7.0.9Apache Tomcat 7.0.4Apache Tomcat 7.0.3Apache Tomcat 6.0.33Apache Tomcat 6.0.6Apache Tomcat 6.0.11
4.3
CVSSv2
CVE-2007-3382
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote malicious users to cond...
Apache Tomcat 4.1.2Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 5.0.8Apache Tomcat 5.0.19Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.0.14Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.0.22Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 5.0.7Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 6.0.4Apache Tomcat 5.5.6
6.8
CVSSv2
CVE-2013-6357
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demons...
Apache Tomcat 3.1Apache Tomcat 4.1.2Apache Tomcat 4.0.4Apache Tomcat 4.1.36Apache Tomcat 3.2.1Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 5.0.8Apache Tomcat 5Apache TomcatApache Tomcat 5.0.19Apache Tomcat 5.5.12Apache Tomcat 5.0.14Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 3.2.2Apache Tomcat 5.5.10Apache Tomcat 5.0.22Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 5.0.7
5
CVSSv2
CVE-2012-0022
Apache Tomcat 5.5.x prior to 5.5.35, 6.x prior to 6.0.34, and 7.x prior to 7.0.23 uses an inefficient approach for handling parameters, which allows remote malicious users to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter val...
Apache Tomcat 5.5.27Apache Tomcat 5.5.18Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 5.5.11Apache Tomcat 5.5.28Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 5.5.5Apache Tomcat 5.5.30Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.3Apache Tomcat 5.5.32Apache Tomcat 5.5.31Apache Tomcat 5.5.9
5
CVSSv2
CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count...
Apache Tomcat 5.5.0Apache Tomcat 5.5.25Apache Tomcat 5.5.33Apache Tomcat 5.5.7Apache Tomcat 5.5.18Apache Tomcat 5.5.15Apache Tomcat 5.5.3Apache Tomcat 5.5.22Apache Tomcat 5.5.2Apache Tomcat 5.5.35Apache Tomcat 5.5.30Apache Tomcat 5.5.9Apache Tomcat 5.5.8Apache Tomcat 5.5.29Apache Tomcat 5.5.31Apache Tomcat 5.5.17Apache Tomcat 5.5.12Apache Tomcat 5.5.24Apache Tomcat 5.5.21Apache Tomcat 5.5.19Apache Tomcat 5.5.10Apache Tomcat 5.5.1
5
CVSSv2
CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote malicious users to bypass authentic...
Apache Tomcat 5.5.30Apache Tomcat 5.5.0Apache Tomcat 5.5.8Apache Tomcat 5.5.33Apache Tomcat 5.5.31Apache Tomcat 5.5.17Apache Tomcat 5.5.24Apache Tomcat 5.5.3Apache Tomcat 5.5.19Apache Tomcat 5.5.2Apache Tomcat 5.5.27Apache Tomcat 5.5.9Apache Tomcat 5.5.4Apache Tomcat 5.5.29Apache Tomcat 5.5.14Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.25Apache Tomcat 5.5.10Apache Tomcat 5.5.7
5
CVSSv2
CVE-2012-5887
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote malicio...
Apache Tomcat 5.5.1Apache Tomcat 5.5.28Apache Tomcat 5.5.27Apache Tomcat 5.5.5Apache Tomcat 5.5.4Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.25Apache Tomcat 5.5.10Apache Tomcat 5.5.34Apache Tomcat 5.5.6Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.22Apache Tomcat 5.5.23Apache Tomcat 5.5.26Apache Tomcat 5.5.32Apache Tomcat 5.5.20Apache Tomcat 5.5.9Apache Tomcat 5.5.8Apache Tomcat 5.5.29Apache Tomcat 5.5.31
2.6
CVSSv2
CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included...
Apache Mod Jk 1.2.11Apache Mod Jk 1.2.25Apache Mod Jk 1.2.9Apache Mod Jk 1.2.19Apache Mod Jk 1.2.23Apache Mod Jk 1.2.16Apache Mod Jk 1.2.6Apache Mod Jk 1.2.17Apache Mod Jk 1.2.24Apache Mod Jk 1.2.22Apache Mod Jk 1.2Apache Mod Jk 1.2.13Apache Mod Jk 1.2.8Apache Mod Jk 1.2.10Apache Mod Jk 1.2.7Apache Mod Jk 1.2.20Apache Mod Jk 1.2.21Apache Mod Jk 1.2.1Apache Mod Jk 1.2.15Apache Mod Jk 1.2.12Apache Mod Jk 1.2.14.1Apache Mod Jk 1.2.14
4.3
CVSSv2
CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16 allows remote malicious users to inject arbitrary web script or HTML via a crafted string that is used in the message...
Apache Tomcat
5
CVSSv2
CVE-2007-5333
Apache Tomcat 6.0.0 up to and including 6.0.14, 5.5.0 up to and including 5.5.25, and 4.1.0 up to and including 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information...
Apache Tomcat
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-47626CVE-2024-3400physicalCVE-2024-31426CVE-2024-22423CVE-2024-22438injectlocal usersCVE-2024-3797
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook