Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tomcat 4.1.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.31, 5.0.0 up to and including 5.0.30, and 5.5.0 up to and including 5.5.15 allows remote malicious users to inject arbitrar...
Apache Tomcat
Apache Tomcat 4.0.0
Apache Tomcat 4.0.1
Apache Tomcat 4.0.2
Apache Tomcat 4.0.3
Apache Tomcat 4.0.4
Apache Tomcat 4.0.5
Apache Tomcat 4.0.6
Apache Tomcat 5.0.0
Apache Tomcat 5.0.1
Apache Tomcat 5.0.2
Apache Tomcat 5.0.3
1 EDB exploit
7.5
CVSSv2
CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 up to and including 6.0.20, 5.5.0 up to and including 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote malicious users to gain privileges.
Apache Tomcat 3.0
Apache Tomcat 3.1
Apache Tomcat 3.1.1
Apache Tomcat 3.2
Apache Tomcat 3.2.1
Apache Tomcat 3.2.2
Apache Tomcat 3.2.3
Apache Tomcat 3.2.4
Apache Tomcat 3.3
Apache Tomcat 3.3.1
Apache Tomcat 3.3.1a
Apache Tomcat 3.3.2
2 EDB exploits
2 Github repositories
2.6
CVSSv2
CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included...
Apache Mod Jk 1.2
Apache Mod Jk 1.2.1
Apache Mod Jk 1.2.6
Apache Mod Jk 1.2.7
Apache Mod Jk 1.2.8
Apache Mod Jk 1.2.9
Apache Mod Jk 1.2.10
Apache Mod Jk 1.2.11
Apache Mod Jk 1.2.12
Apache Mod Jk 1.2.13
Apache Mod Jk 1.2.14
Apache Mod Jk 1.2.14.1
4.3
CVSSv2
CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16 allows remote malicious users to inject arbitrary web script or HTML via a crafted string that is used in the message...
Apache Tomcat
1 EDB exploit
5
CVSSv2
CVE-2007-5333
Apache Tomcat 6.0.0 up to and including 6.0.14, 5.5.0 up to and including 5.5.25, and 4.1.0 up to and including 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information...
Apache Tomcat
1 EDB exploit
4.2
CVSSv3
CVE-2009-0783
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, o...
Apache Tomcat
4.3
CVSSv2
CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when allowLinking and UTF-8 are enabled, allows remote malicious users to read arbitrary files via encoded directory traver...
Apache Tomcat
2 EDB exploits
2 Metasploit modules
1 Github repository
2.6
CVSSv2
CVE-2005-3164
The AJP connector in Apache Tomcat 4.0.1 up to and including 4.0.6 and 4.1.0 up to and including 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which...
Hitachi Cosminexus Application Server 05 00 05 05 E
Hitachi Cosminexus Application Server 05 00 05 05 F
Hitachi Cosminexus Application Server 05 00 05 05 H
Hitachi Cosminexus Application Server 05 00 05 05 K
Apache Tomcat
5.3
CVSSv3
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ign...
Apache Tomcat
Apache Tomee 8.0.6
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Agile Plm 9.3.6
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Diameter Signaling Router
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Policy Management 12.5.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Communications Session Report Manager
7.5
CVSSv3
CVE-2016-9879
An issue exists in Pivotal Spring Security prior to 3.2.10, 4.1.x prior to 4.1.4, and 4.2.x prior to 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an at...
Vmware Spring Security 3.2.0
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.2
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.4
Vmware Spring Security 3.2.5
Vmware Spring Security 3.2.6
Vmware Spring Security 3.2.7
Vmware Spring Security 3.2.8
Vmware Spring Security 3.2.9
Vmware Spring Security 4.1.0
Vmware Spring Security 4.1.1
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusion
unspecified
CVE-2025-24200
reflected XSS
panel
CVE-2024-12549
temporal technologies, inc.
CVE-2024-21971
CVE-2024-57777
CVE-2023-31122
CVE-2025-0909
winzip computing
unified secops platform
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »