apache tomcat vulnerabilities and exploits
516
VMScore
CVE-2008-0002
Apache Tomcat 6.0.0 up to and including 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote malicious users to obtain sensitive information, as demonstrated by disconnecting during this pro...
Apache Tomcat 6.0.10
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.8
Apache Tomcat 6.0.12
Apache Tomcat 6.0.13
Apache Tomcat 6.0.9
Apache Tomcat 6.0.5
Apache Tomcat 6.0.6
Apache Tomcat 6.0.14
Apache Tomcat 6.0.15
515
VMScore
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote malicious users to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examp...
Apache Tomcat 3.2.4
Apache Tomcat 3.2.3
3 EDB exploits
505
VMScore
CVE-2011-4858
Apache Tomcat prior to 5.5.35, 6.x prior to 6.0.35, and 7.x prior to 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote malicious users to cause a denial of service (CPU consumption) by sendi...
Apache Tomcat 6.0.33
Apache Tomcat 7.0.12
Apache Tomcat 6.0.6
Apache Tomcat 7.0.20
Apache Tomcat 6.0.11
Apache Tomcat 6.0.34
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 6.0.22
Apache Tomcat 6.0.25
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 7.0.22
Apache Tomcat 5.5.35
Apache Tomcat 6.0.15
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.18
Apache Tomcat 6.0.20
Apache Tomcat 7.0.14
1 EDB exploit
505
VMScore
CVE-2010-4094
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote malicious users to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-354...
IBM Rational Test Lab Manager
IBM Rational Quality Manager
1 EDB exploit
505
VMScore
CVE-2008-2370
Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote malicious users to conduct dire...
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.4
Apache Tomcat 5.5.20
1 EDB exploit
505
VMScore
CVE-2007-5333
Apache Tomcat 6.0.0 up to and including 6.0.14, 5.5.0 up to and including 5.5.25, and 4.1.0 up to and including 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information...
Apache Tomcat
1 EDB exploit
505
VMScore
CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x prior to 5.5.22 and 6.x prior to 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote malicious users to read arbitrary files via a .. (dot dot) sequence with combinations o...
Apache Tomcat
Apache HTTP Server
1 EDB exploit
1 Github repository
505
VMScore
CVE-2006-3835
Apache Tomcat 5 prior to 5.5.17 allows remote malicious users to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Apache Tomcat 5.5.12
Apache Tomcat 5.5.7
Apache Tomcat 5.5.9
Apache Tomcat 5.0.28
Apache Tomcat 5.5.16
1 EDB exploit
505
VMScore
CVE-2005-1754
JavaMail API 1.1.3 up to and including 1.3, as used by Apache Tomcat 5.0.16, allows remote malicious users to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references...
Sun JavaMail 1.1.3
Sun JavaMail 1.3
Sun JavaMail 1.2
Apache Tomcat 5.0.16
Sun JavaMail 1.3.2
1 EDB exploit
505
VMScore
CVE-2005-4703
Apache Tomcat 4.0.3, when running on Windows, allows remote malicious users to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Apache Tomcat 4.0.3
1 EDB exploit