tomcat vulnerabilities and exploits
5
CVSSv2
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x prior to 7.0.12 does not properly handle HTTP pipelining, which allows remote malicious users to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "...
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.11
Apache Tomcat 7.0.7
Apache Tomcat 7.0.10
Apache Tomcat 7.0.9
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
2 Github repositories
5
CVSSv2
CVE-2005-3510
Apache Tomcat 5.5.0 to 5.5.11 allows remote malicious users to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.6
Apache Tomcat 5.5.5
Apache Tomcat 5.5.3
Apache Tomcat 5.5.9
Apache Tomcat 5.5.2
Apache Tomcat 5.5.0
Apache Tomcat 5.5.8
5
CVSSv2
CVE-2005-0808
Apache Tomcat prior to 5.x allows remote malicious users to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
Apache Tomcat 3.1
Apache Tomcat 3.2.1
Apache Tomcat 3.2.2
Apache Tomcat 3.2.4
Apache Tomcat 3.0
Apache Tomcat 3.3.1a
Apache Tomcat 3.1.1
Apache Tomcat 3.2.3
Apache Tomcat 3.2
Apache Tomcat 3.3.1
Apache Tomcat 3.3
5.8
CVSSv2
CVE-2011-1419
Apache Tomcat 7.x prior to 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote malicious users to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of ...
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.10
Apache Tomcat 7.0.9
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
5.8
CVSSv2
CVE-2008-0002
Apache Tomcat 6.0.0 up to and including 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote malicious users to obtain sensitive information, as demonstrated by disconnecting during this pro...
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.15
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.14
Apache Tomcat 6.0.12
Apache Tomcat 6.0.5
Apache Tomcat 6.0.13
Apache Tomcat 6.0.8
5.8
CVSSv2
CVE-2011-1088
Apache Tomcat 7.x prior to 7.0.10 does not follow ServletSecurity annotations, which allows remote malicious users to bypass intended access restrictions via HTTP requests to a web application.
Apache Tomcat 7.0.8
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.9
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
6.8
CVSSv2
CVE-2003-0044
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x up to and including 3.3.1a allow remote malicious users to insert arbitrary web script or HTML.
Apache Tomcat 3.1
Apache Tomcat 3.2.1
Apache Tomcat 3.2.4
Apache Tomcat 3.0
Apache Tomcat 3.3.1a
Apache Tomcat 3.1.1
Apache Tomcat 3.2.3
Apache Tomcat 3.2
Apache Tomcat 3.3.1
Apache Tomcat 3.3
7.5
CVSSv2
CVE-2002-1394
Apache Tomcat 4.0.5 and previous versions, when using both the invoker servlet and the default servlet, allows remote malicious users to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Apache Tomcat 4.0.4
Apache Tomcat 4.1.9
Apache Tomcat 4.0.3
Apache Tomcat 4.0.1
Apache Tomcat 4.1.3
Apache Tomcat 4.1.10
Apache Tomcat 4.1.0
Apache Tomcat 4.0.2
Apache Tomcat 4.0.5
Apache Tomcat 4.0.0
2.6
CVSSv2
CVE-2007-1358
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 up to and including 4.0.6 and 4.1.0 up to and including 4.1.34 allows remote malicious users to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not con...
Apache Tomcat 4.0.4
Apache Tomcat 4.0.6
Apache Tomcat 4.0.3
Apache Tomcat 4.0.1
Apache Tomcat 4.1.0
Apache Tomcat 4.0.2
Apache Tomcat 4.0.5
Apache Tomcat 4.0.0
Apache Tomcat
5
CVSSv2
CVE-2003-0042
Jakarta Tomcat prior to 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote malicious users to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Apache Tomcat 3.1
Apache Tomcat 3.2.1
Apache Tomcat 3.2.4
Apache Tomcat 3.0
Apache Tomcat 3.1.1
Apache Tomcat 3.2.3
Apache Tomcat 3.2
Apache Tomcat 3.3.1
Apache Tomcat 3.3
1 EDB exploit