apache tomcat vulnerabilities and exploits

(subscribe to this query)

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote malicious users to cause a denial of service (infinite loop) by terminating the connectio...

Apache Tomcat 6.0 Apache Tomcat 6.0.0 Apache Tomcat 6.0.1 Apache Tomcat 6.0.2 Apache Tomcat 6.0.3 Apache Tomcat 6.0.4 Apache Tomcat 6.0.5 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.10

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.28 does not properly restrict the request-header size, which allows remote malicious users to cause a denial of service (memory consumptio...

Apache Tomcat 6.0 Apache Tomcat 6.0.0 Apache Tomcat 6.0.1 Apache Tomcat 6.0.2 Apache Tomcat 6.0.3 Apache Tomcat 6.0.4 Apache Tomcat 6.0.5 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.10

The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.

Apache Tomcat 3.0 Apache Tomcat 3.1 Apache Tomcat 3.1.1 Apache Tomcat 3.2 Apache Tomcat 3.2.1 Apache Tomcat 3.2.2 Apache Tomcat 3.2.3 Apache Tomcat 3.2.4 Apache Tomcat 3.3 Apache Tomcat 3.3.1 Apache Tomcat 3.3.1a Apache Tomcat 3.3.2

2 EDB exploits2 Github repositories

Apache Tomcat 6.x prior to 6.0.44, 7.x prior to 7.0.55, and 8.x prior to 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote malicious users to cause a denial of service (thread consumption...

Apache Tomcat 6.0.0 Apache Tomcat 6.0.1 Apache Tomcat 6.0.2 Apache Tomcat 6.0.3 Apache Tomcat 6.0.4 Apache Tomcat 6.0.5 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.10 Apache Tomcat 6.0.11

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.36, 5.0.0 up to and including 5.0.30, 5.5.0 up to and including 5.5.24, and 6.0.0 up to and inc...

Apache Tomcat Apache Tomcat 4.0.0 Apache Tomcat 4.0.1 Apache Tomcat 4.0.2 Apache Tomcat 4.0.3 Apache Tomcat 4.0.4 Apache Tomcat 4.0.5 Apache Tomcat 5.0.0 Apache Tomcat 5.0.1 Apache Tomcat 5.0.2 Apache Tomcat 5.0.3 Apache Tomcat 5.0.4

1 EDB exploit

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive informatio...

Apache Tomcat 7.0.0 Apache Tomcat 7.0.1 Apache Tomcat 7.0.2 Apache Tomcat 7.0.3 Apache Tomcat 7.0.4 Apache Tomcat 7.0.5 Apache Tomcat 7.0.6 Apache Tomcat 7.0.7 Apache Tomcat 7.0.8 Apache Tomcat 7.0.9 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11

Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Apache Tomcat 5.5.0 Apache Tomcat 5.5.1 Apache Tomcat 5.5.2 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 5.5.9 Apache Tomcat 5.5.10 Apache Tomcat 5.5.11

Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat ...

Apache Tomcat 5.5.0 Apache Tomcat 5.5.1 Apache Tomcat 5.5.2 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 5.5.9 Apache Tomcat 5.5.10 Apache Tomcat 5.5.11

The autodeployment process in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote malicious users to bypass intended authentication requ...

Apache Tomcat 5.5.0 Apache Tomcat 5.5.1 Apache Tomcat 5.5.2 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 5.5.9 Apache Tomcat 5.5.10 Apache Tomcat 5.5.11

Apache Tomcat 5.5.x prior to 5.5.35, 6.x prior to 6.0.34, and 7.x prior to 7.0.23 uses an inefficient approach for handling parameters, which allows remote malicious users to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter val...

Apache Tomcat 5.5.0 Apache Tomcat 5.5.1 Apache Tomcat 5.5.2 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 5.5.9 Apache Tomcat 5.5.10 Apache Tomcat 5.5.11

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook