Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

apache tomcat 5.5.13 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2

CVE-2007-3382

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote malicious users to cond...
Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 3.3.2Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.1.24
4.3
CVSSv2

CVE-2007-3385

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable se...
Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 3.3.2Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.15Apache Tomcat 4.1.24
5
CVSSv2

CVE-2012-5885

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11
5
CVSSv2

CVE-2012-5886

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote malicious users to bypass authentic...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11
5
CVSSv2

CVE-2012-5887

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.36, 6.x prior to 6.0.36, and 7.x prior to 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote malicio...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11
6.8
CVSSv2

CVE-2013-6357

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demons...
Apache TomcatApache Tomcat 1.1.3Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1
7.5
CVSSv2

CVE-2009-3548

The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 3.3.2
2.6
CVSSv2

CVE-2008-5519

The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included...
Apache Mod Jk 1.2Apache Mod Jk 1.2.1Apache Mod Jk 1.2.6Apache Mod Jk 1.2.7Apache Mod Jk 1.2.8Apache Mod Jk 1.2.9Apache Mod Jk 1.2.10Apache Mod Jk 1.2.11Apache Mod Jk 1.2.12Apache Mod Jk 1.2.13Apache Mod Jk 1.2.14Apache Mod Jk 1.2.14.1
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-29362CVE-2025-29359rising technosoftcode injectionXML injectionCVE-2025-24201vimlocal file inclusionCVE-2025-25292CVE-2024-13376devolutionssiemensCVE-2025-1257
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook