Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2003-0866
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote malicious users to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
Apache Tomcat 4.0.4
Apache Tomcat 4.0.6
Apache Tomcat 4.0.3
Apache Tomcat 4.0.1
Apache Tomcat 4.0.2
Apache Tomcat 4.0.5
Apache Tomcat 4.0.0
1 EDB exploit
505
VMScore
CVE-2003-0042
Jakarta Tomcat prior to 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote malicious users to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Apache Tomcat 3.1.1
Apache Tomcat 3.2
Apache Tomcat 3.0
Apache Tomcat 3.1
Apache Tomcat 3.3.1
Apache Tomcat 3.2.1
Apache Tomcat 3.2.3
Apache Tomcat 3.2.4
Apache Tomcat 3.3
1 EDB exploit
505
VMScore
CVE-2002-2006
The default installation of Apache Tomcat 4.0 up to and including 4.1 and 3.0 up to and including 3.3.1 allows remote malicious users to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
Apache Tomcat 3.1
Apache Tomcat 3.2.1
Apache Tomcat 3.2.4
Apache Tomcat 3.0
Apache Tomcat 4.0.3
Apache Tomcat 4.0.1
Apache Tomcat 4.1.0
Apache Tomcat 3.1.1
Apache Tomcat 4.0.2
Apache Tomcat 4.0.0
Apache Tomcat 3.2.3
Apache Tomcat 3.2
Apache Tomcat 3.3.1
Apache Tomcat 3.3
1 EDB exploit
505
VMScore
CVE-2002-1148
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and previous versions allows remote malicious users to read source code for server files via a direct request to the servlet.
Apache Tomcat 3.1
Apache Tomcat 4.0.4
Apache Tomcat 3.2.1
Apache Tomcat 4.1.9
Apache Tomcat 3.2.2
Apache Tomcat 3.2.4
Apache Tomcat 3.0
Apache Tomcat 4.0.3
Apache Tomcat 4.0.1
Apache Tomcat 4.1.3
Apache Tomcat 4.1.10
Apache Tomcat 4.1.0
Apache Tomcat 3.1.1
Apache Tomcat 4.0.2
Apache Tomcat 4.0.0
Apache Tomcat 3.2.3
Apache Tomcat 3.2
Apache Tomcat 3.3.1
Apache Tomcat 3.3
1 EDB exploit
505
VMScore
CVE-2002-0936
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
Apache Tomcat 4.0.3
1 EDB exploit
505
VMScore
CVE-2001-0590
Apache Software Foundation Tomcat Servlet before 3.2.2 allows a remote malicious user to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
Apache Tomcat
1 EDB exploit
464
VMScore
CVE-2016-5388
Apache Tomcat 7.x up to and including 7.0.70 and 8.x up to and including 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi...
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Hpc Node Eus 7.2
Hp System Management Homepage
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Oracle Linux 6
Oracle Linux 7
Apache Tomcat
1 Article
463
VMScore
CVE-2007-1491
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
Avaya S8300
Avaya S8700
Avaya Sip Enablement Services
Avaya S8500
455
VMScore
CVE-2019-17563
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the si...
Apache Tomcat
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Oracle Transportation Management 6.3.7
Oracle Retail Order Broker 15.0
Oracle Micros Relate Crm Software 11.4
Oracle Instantis Enterprisetrack
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Mysql Enterprise Monitor
454
VMScore
CVE-2001-0829
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
Apache Tomcat 3.2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »