Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss web server vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an malicious user to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that...
Eclipse Jetty
Eclipse Jetty 12.0.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Unified Manager -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
6.1
CVSSv3
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be pr...
Apache Tomcat
Apache Tomcat 9.0.0
3 Github repositories
4.7
CVSSv3
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Nodejs Node.js
Openssl Openssl
Tenable Nessus
Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
Oracle Api Gateway 11.1.2.4.0
Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
Oracle Primavera P6 Enterprise Project Portfolio Management 15.2
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Primavera P6 Enterprise Project Portfolio Management 8.4
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera P6 Enterprise Project Portfolio Management
Oracle Primavera P6 Enterprise Project Portfolio Management 18.8
Oracle Vm Virtualbox
1 EDB exploit
1 Github repository
NA
CVE-2009-2902
Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 6.0.15
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
NA
CVE-2009-2693
Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat ...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 6.0.15
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
4.8
CVSSv3
CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located be...
Apache Tomcat 9.0.0
Apache Tomcat
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.1
Netapp Oncommand System Manager
Netapp Data Availability Services -
Oracle Transportation Management 6.3.7
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Retail Order Broker 15.0
Oracle Agile Product Lifecycle Management 9.3.3
Oracle Agile Product Lifecycle Management 9.3.5
Oracle Agile Product Lifecycle Management 9.3.6
Oracle Instantis Enterprisetrack
Oracle Health Sciences Empirica Signal 7.3.3
Oracle Communications Instant Messaging Server 10.0.1.4.0
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
4.3
CVSSv3
CVE-2020-13943
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that co...
Apache Tomcat 8.5.2
Apache Tomcat 8.5.9
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 8.5.15
Apache Tomcat 8.5.10
Apache Tomcat 8.5.13
Apache Tomcat 8.5.14
Apache Tomcat 8.5.5
Apache Tomcat 8.5.3
Apache Tomcat 8.5.6
Apache Tomcat 8.5.7
Apache Tomcat 8.5.8
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.1
Apache Tomcat 8.5.16
Apache Tomcat 8.5.17
Apache Tomcat 8.5.18
Apache Tomcat 8.5.19
Apache Tomcat 8.5.20
Apache Tomcat 8.5.21
NA
CVE-2014-0230
Apache Tomcat 6.x prior to 6.0.44, 7.x prior to 7.0.55, and 8.x prior to 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote malicious users to cause a denial of service (thread consumption...
Apache Tomcat 7.0.2
Apache Tomcat 6.0.33
Apache Tomcat 6.0.0
Apache Tomcat 7.0.49
Apache Tomcat 6.0.39
Apache Tomcat 7.0.12
Apache Tomcat 6.0.6
Apache Tomcat 7.0.53
Apache Tomcat 6.0.4
Apache Tomcat 7.0.20
Apache Tomcat 6.0.11
Apache Tomcat 7.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 7.0.4
Apache Tomcat 6.0.7
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
Apache Tomcat 8.0.5
1 Github repository
7.5
CVSSv3
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Oncommand System Manager
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Mcafee Epolicy Orchestrator 5.9.0
Mcafee Epolicy Orchestrator 5.9.1
Mcafee Epolicy Orchestrator 5.10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Workload Manager 18c
Oracle Workload Manager 19c
3 Github repositories
7.5
CVSSv3
CVE-2017-12616
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Apache Tomcat 7.0.2
Apache Tomcat 7.0.49
Apache Tomcat 7.0.12
Apache Tomcat 7.0.62
Apache Tomcat 7.0.20
Apache Tomcat 7.0.34
Apache Tomcat 7.0.58
Apache Tomcat 7.0.8
Apache Tomcat 7.0.55
Apache Tomcat 7.0.1
Apache Tomcat 7.0.5
Apache Tomcat 7.0.51
Apache Tomcat 7.0.4
Apache Tomcat 7.0.63
Apache Tomcat 7.0.22
Apache Tomcat 7.0.39
Apache Tomcat 7.0.26
Apache Tomcat 7.0.46
Apache Tomcat 7.0.72
Apache Tomcat 7.0.76
Apache Tomcat 7.0.71
Apache Tomcat 7.0.28
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »