Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

apache tomcat 4.1.9 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2

CVE-2002-1394

Apache Tomcat 4.0.5 and previous versions, when using both the invoker servlet and the default servlet, allows remote malicious users to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 4.1.9Apache Tomcat 4.1.10
5
CVSSv2

CVE-2002-1148

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and previous versions allows remote malicious users to read source code for server files via a direct request to the servlet.
Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1Apache Tomcat 4.0.0Apache Tomcat 4.0.1
4.3
CVSSv2

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 up to and including 4.1.31 allows remote malicious users to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11
3.5
CVSSv2

CVE-2007-5461

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0, 5.0.0, 5.5.0 up to and including 5.5.25, and 6.0.0 up to and including 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write...
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4
7.8
CVSSv2

CVE-2002-2272

Tomcat 4.0 up to and including 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 up to and including 1.3.27, allows remote malicious users to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...
Apache Http Server 1.3Apache Http Server 1.3.0Apache Http Server 1.3.1Apache Http Server 1.3.2Apache Http Server 1.3.10Apache Http Server 1.3.11Apache Http Server 1.3.12Apache Http Server 1.3.13Apache Http Server 1.3.14Apache Http Server 1.3.15Apache Http Server 1.3.16Apache Http Server 1.3.17
4.3
CVSSv2

CVE-2009-0781

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 allows remote malicious users to inje...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11
5
CVSSv2

CVE-2008-2370

Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote malicious users to conduct dire...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11
3.5
CVSSv2

CVE-2007-2450

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.36, 5.0.0 up to and including 5.0.30, 5.5.0 up to and including 5.5.24, and 6.0.0 up to and...
Apache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.9
5
CVSSv2

CVE-2009-0033

Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote malicious users to cause a denial of service (application outage) via a crafted re...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11
4.3
CVSSv2

CVE-2009-0580

Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when FORM authentication is used, allows remote malicious users to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pa...
Apache Tomcat 4.1.0Apache Tomcat 4.1.1Apache Tomcat 4.1.2Apache Tomcat 4.1.3Apache Tomcat 4.1.4Apache Tomcat 4.1.5Apache Tomcat 4.1.6Apache Tomcat 4.1.7Apache Tomcat 4.1.8Apache Tomcat 4.1.9Apache Tomcat 4.1.10Apache Tomcat 4.1.11
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-46656unknownCVE-2025-46577CVE-2025-32979paicodingXPath injectionhackmdCVE-2025-3643opplusCSRFlocal usersCVE-2025-32433CVE-2025-32432
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook