Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 4.1.32 vulnerabilities and exploits
(subscribe to this query)
231
VMScore
CVE-2008-4308
The doRead method in Apache Tomcat 4.1.32 up to and including 4.1.34 and 5.5.10 up to and including 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.11
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 4.1.33
Apache Tomcat 5.5.13
Apache Tomcat 5.5.16
Apache Tomcat 5.5.17
Apache Tomcat 5.5.19
Apache Tomcat 4.1.34
Apache Tomcat 4.1.32
694
VMScore
CVE-2005-4836
The HTTP/1.1 connector in Apache Tomcat 4.1.15 up to and including 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote malicious users to read JSP source files and obtain sensitive information.
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.21
Apache Tomcat 4.1.24
Apache Tomcat 4.1.25
Apache Tomcat 4.1.39
Apache Tomcat 4.1.27
Apache Tomcat 4.1.30
Apache Tomcat 4.1.18
Apache Tomcat 4.1.40
Apache Tomcat 4.1.19
Apache Tomcat 4.1.28
Apache Tomcat 4.1.31
Apache Tomcat 4.1.16
Apache Tomcat 4.1.29
Apache Tomcat 4.1.22
Apache Tomcat 4.1.26
Apache Tomcat 4.1.17
Apache Tomcat 4.1.33
Apache Tomcat 4.1.15
Apache Tomcat 4.1.20
Apache Tomcat 4.1.23
360
VMScore
CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0, 5.0.0, 5.5.0 up to and including 5.5.25, and 6.0.0 up to and including 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write...
Apache Tomcat 4.1.2
Apache Tomcat 4.0.4
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.21
Apache Tomcat 4.1.24
Apache Tomcat 4.1.25
Apache Tomcat 4.1.4
Apache Tomcat 4.1.27
Apache Tomcat 4.1.30
Apache Tomcat 4.1.7
Apache Tomcat 4.1.11
Apache Tomcat 4.1.18
Apache Tomcat 4.1.14
Apache Tomcat 4.1.19
Apache Tomcat 4.1.31
Apache Tomcat 4.1.16
Apache Tomcat 4.1.29
Apache Tomcat 4.1.22
Apache Tomcat 4.0.6
Apache Tomcat 4.1.5
Apache Tomcat 4.1.26
2 EDB exploits
505
VMScore
CVE-2008-2370
Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote malicious users to conduct dire...
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.4
Apache Tomcat 5.5.20
1 EDB exploit
445
VMScore
CVE-2008-5515
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, 6.0.0 up to and including 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote maliciou...
Apache Tomcat 5.5.27
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.39
Apache Tomcat 5.5.20
435
VMScore
CVE-2009-0580
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when FORM authentication is used, allows remote malicious users to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pa...
Apache Tomcat 5.5.27
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
1 EDB exploit
445
VMScore
CVE-2009-0033
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote malicious users to cause a denial of service (application outage) via a crafted re...
Apache Tomcat 5.5.27
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
383
VMScore
CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 allows remote malicious users to inje...
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.4
760
VMScore
CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.
Apache Tomcat 5.5.27
Apache Tomcat 3.1
Apache Tomcat 4.1.2
Apache Tomcat 4.0.4
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 3.2.1
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 5.0.8
Apache Tomcat 5.0.19
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.0.14
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 3.2.2
Apache Tomcat 5.5.10
Apache Tomcat 5.0.22
Apache Tomcat 5.5.4
2 EDB exploits
231
VMScore
CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included...
Apache Mod Jk 1.2.11
Apache Mod Jk 1.2.25
Apache Mod Jk 1.2.9
Apache Mod Jk 1.2.19
Apache Mod Jk 1.2.23
Apache Mod Jk 1.2.16
Apache Mod Jk 1.2.6
Apache Mod Jk 1.2.17
Apache Mod Jk 1.2.24
Apache Mod Jk 1.2.22
Apache Mod Jk 1.2
Apache Mod Jk 1.2.13
Apache Mod Jk 1.2.8
Apache Mod Jk 1.2.10
Apache Mod Jk 1.2.7
Apache Mod Jk 1.2.20
Apache Mod Jk 1.2.21
Apache Mod Jk 1.2.1
Apache Mod Jk 1.2.15
Apache Mod Jk 1.2.12
Apache Mod Jk 1.2.14.1
Apache Mod Jk 1.2.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started