Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2013-1088
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote malicious users to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
Novell Imanager 2.7
Novell Imanager 2.7.3
Novell Imanager 2.7.4
Novell Imanager 2.7.5
Novell Imanager
Novell Imanager 2.7.1
Novell Imanager 2.7.2
6.8
CVSSv2
CVE-2012-3908
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances prior to 1.1.0.665 Cumulative Patch 1 allow remote malicious users to hijack the aut...
Cisco Identity Services Engine Software 1.0
Cisco Identity Services Engine Software 1.0.4
Cisco Identity Services Engine Software 1.1.1
Cisco Identity Services Engine Software 1.0mr
Cisco Identity Services Engine Software 1.1
Cisco Identity Services Engine 3300
6.8
CVSSv2
CVE-2011-1571
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote malicious users to execute arbitrary commands via unknown vectors.
Liferay Liferay Portal
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2002-1567
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote malicious users to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
Apache Tomcat 4.1.0
1 EDB exploit
6.8
CVSSv2
CVE-2003-0044
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x up to and including 3.3.1a allow remote malicious users to insert arbitrary web script or HTML.
Apache Tomcat 3.3
Apache Tomcat 3.3.1
Apache Tomcat 3.2.3
Apache Tomcat 3.2.4
Apache Tomcat 3.0
Apache Tomcat 3.1
Apache Tomcat 3.1.1
Apache Tomcat 3.3.1a
Apache Tomcat 3.2
Apache Tomcat 3.2.1
6.5
CVSSv2
CVE-2020-4294
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated malicious user to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404.
Ibm Qradar Security Information And Event Manager 7.3.3
Ibm Qradar Security Information And Event Manager
6.5
CVSSv2
CVE-2014-2130
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrati...
Cisco Secure Access Control System -
6.4
CVSSv2
CVE-2014-0227
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x prior to 6.0.42, 7.x prior to 7.0.55, and 8.x prior to 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote malicious users to conduct H...
Apache Tomcat 7.0.2
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 7.0.49
Apache Tomcat 6.0.39
Apache Tomcat 7.0.12
Apache Tomcat 6.0.6
Apache Tomcat 7.0.53
Apache Tomcat 6.0.4
Apache Tomcat 7.0.20
Apache Tomcat 6.0.11
Apache Tomcat 7.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 7.0.4
Apache Tomcat 6.0.7
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
Apache Tomcat 8.0.5
6.4
CVSSv2
CVE-2010-4312
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote malicious users to hijack a session via script access to a cookie.
Apache Tomcat 6.0.15
Apache Tomcat 6.0
Apache Tomcat 6.0.28
Apache Tomcat 6.0.17
Apache Tomcat 6.0.18
Apache Tomcat 6.0.2
Apache Tomcat 6.0.26
Apache Tomcat 6.0.19
Apache Tomcat 6.0.16
Apache Tomcat 6.0.14
Apache Tomcat 6.0.6
Apache Tomcat 6.0.1
Apache Tomcat 6.0.0
Apache Tomcat 6.0.13
Apache Tomcat 6.0.24
Apache Tomcat 6.0.9
Apache Tomcat 6.0.29
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.10
Apache Tomcat 6.0.20
Apache Tomcat 6.0.7
6.4
CVSSv2
CVE-2010-2227
Apache Tomcat 5.5.0 up to and including 5.5.29, 6.0.0 up to and including 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote malicious users to cause a denial of service (application outage) or obtain sensitive information via...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.9
Apache Tomcat 5.5.25
Apache Tomcat 5.5.2
Apache Tomcat 5.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »