Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 4.1.39 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2005-4836
The HTTP/1.1 connector in Apache Tomcat 4.1.15 up to and including 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote malicious users to read JSP source files and obtain sensitive information.
Apache Tomcat 4.1.15
Apache Tomcat 4.1.16
Apache Tomcat 4.1.17
Apache Tomcat 4.1.18
Apache Tomcat 4.1.19
Apache Tomcat 4.1.20
Apache Tomcat 4.1.21
Apache Tomcat 4.1.22
Apache Tomcat 4.1.23
Apache Tomcat 4.1.24
Apache Tomcat 4.1.25
Apache Tomcat 4.1.26
5
CVSSv2
CVE-2008-5515
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, 6.0.0 up to and including 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote maliciou...
Apache Tomcat 4.1.0
Apache Tomcat 4.1.1
Apache Tomcat 4.1.2
Apache Tomcat 4.1.3
Apache Tomcat 4.1.10
Apache Tomcat 4.1.11
Apache Tomcat 4.1.12
Apache Tomcat 4.1.13
Apache Tomcat 4.1.14
Apache Tomcat 4.1.15
Apache Tomcat 4.1.16
Apache Tomcat 4.1.17
5
CVSSv2
CVE-2009-0033
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote malicious users to cause a denial of service (application outage) via a crafted re...
Apache Tomcat 4.1.0
Apache Tomcat 4.1.1
Apache Tomcat 4.1.2
Apache Tomcat 4.1.3
Apache Tomcat 4.1.4
Apache Tomcat 4.1.5
Apache Tomcat 4.1.6
Apache Tomcat 4.1.7
Apache Tomcat 4.1.8
Apache Tomcat 4.1.9
Apache Tomcat 4.1.10
Apache Tomcat 4.1.11
4.3
CVSSv2
CVE-2009-0580
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when FORM authentication is used, allows remote malicious users to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pa...
Apache Tomcat 4.1.0
Apache Tomcat 4.1.1
Apache Tomcat 4.1.2
Apache Tomcat 4.1.3
Apache Tomcat 4.1.4
Apache Tomcat 4.1.5
Apache Tomcat 4.1.6
Apache Tomcat 4.1.7
Apache Tomcat 4.1.8
Apache Tomcat 4.1.9
Apache Tomcat 4.1.10
Apache Tomcat 4.1.11
1 EDB exploit
4.3
CVSSv2
CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 allows remote malicious users to inje...
Apache Tomcat 4.1.0
Apache Tomcat 4.1.1
Apache Tomcat 4.1.2
Apache Tomcat 4.1.3
Apache Tomcat 4.1.4
Apache Tomcat 4.1.5
Apache Tomcat 4.1.6
Apache Tomcat 4.1.7
Apache Tomcat 4.1.8
Apache Tomcat 4.1.9
Apache Tomcat 4.1.10
Apache Tomcat 4.1.11
7.5
CVSSv2
CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.
Apache Tomcat 3.0
Apache Tomcat 3.1
Apache Tomcat 3.1.1
Apache Tomcat 3.2
Apache Tomcat 3.2.1
Apache Tomcat 3.2.2
Apache Tomcat 3.2.3
Apache Tomcat 3.2.4
Apache Tomcat 3.3
Apache Tomcat 3.3.1
Apache Tomcat 3.3.1a
Apache Tomcat 3.3.2
2 EDB exploits
1 Github repository
4.6
CVSSv2
CVE-2009-0783
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, o...
Apache Tomcat
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-21317
CVE-2025-23940
buffer overflow
CVE-2025-21335
CVE-2025-23860
CVE-2024-57704
SSTI
wireless
CVE-2019-3309
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started