Vulmon
apache tomcat xss vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing an XSS vulnerability....
Apache Tomcat 10.1.0
Apache Tomcat
8 Github repositories available
6.1
CVSSv3
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be...
Apache Tomcat 9.0.0
Apache Tomcat
12 Github repositories available
6.1
CVSSv3
CVE-2018-8031
The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow JavaScript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this...
Apache Tomee
7.1
CVSSv3
CVE-2016-6816
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid...
Apache Tomcat 6.0.1
Apache Tomcat 6.0.2
Apache Tomcat 6.0.3
Apache Tomcat 6.0.10
Apache Tomcat 6.0.11
Apache Tomcat 6.0.18
Apache Tomcat 6.0.19
Apache Tomcat 6.0.27
Apache Tomcat 6.0.28
Apache Tomcat 6.0.35
Apache Tomcat 6.0.36
Apache Tomcat 6.0.43
Apache Tomcat 6.0.44
Apache Tomcat 6.0.6
Apache Tomcat 6.0.7
Apache Tomcat 6.0.14
Apache Tomcat 6.0.15
Apache Tomcat 6.0.22
Apache Tomcat 6.0.23
Apache Tomcat 6.0.31
Apache Tomcat 6.0.32
Apache Tomcat 6.0.39
Apache Tomcat 6.0.40
Apache Tomcat 6.0.47
Apache Tomcat 6.0.0
Apache Tomcat 6.0.8
Apache Tomcat 6.0.9
Apache Tomcat 6.0.16
Apache Tomcat 6.0.17
Apache Tomcat 6.0.24
Apache Tomcat 6.0.25
Apache Tomcat 6.0.26
Apache Tomcat 6.0.33
Apache Tomcat 6.0.34
Apache Tomcat 6.0.41
Apache Tomcat 6.0.42
Apache Tomcat 6.0.4
Apache Tomcat 6.0.5
Apache Tomcat 6.0.12
Apache Tomcat 6.0.13
Apache Tomcat 6.0.20
Apache Tomcat 6.0.21
Apache Tomcat 6.0.29
Apache Tomcat 6.0.30
Apache Tomcat 6.0.37
Apache Tomcat 6.0.38
Apache Tomcat 6.0.45
Apache Tomcat 6.0.46
Apache Tomcat 7.0.71
Apache Tomcat 7.0.72
Apache Tomcat 7.0.66
Apache Tomcat 7.0.67
Apache Tomcat 7.0.55
Apache Tomcat 7.0.56
Apache Tomcat 7.0.2
Apache Tomcat 7.0.3
Apache Tomcat 7.0.10
Apache Tomcat 7.0.11
Apache Tomcat 7.0.19
Apache Tomcat 7.0.20
Apache Tomcat 7.0.27
Apache Tomcat 7.0.28
Apache Tomcat 7.0.35
Apache Tomcat 7.0.36
Apache Tomcat 7.0.44
Apache Tomcat 7.0.45
Apache Tomcat 7.0.62
Apache Tomcat 7.0.63
Apache Tomcat 7.0.50
Apache Tomcat 7.0.51
Apache Tomcat 7.0.59
Apache Tomcat 7.0.48
Apache Tomcat 7.0.6
Apache Tomcat 7.0.7
Apache Tomcat 7.0.14
Apache Tomcat 7.0.15
Apache Tomcat 7.0.23
Apache Tomcat 7.0.24
Apache Tomcat 7.0.31
Apache Tomcat 7.0.32
Apache Tomcat 7.0.39
Apache Tomcat 7.0.40
Apache Tomcat 7.0.41
Apache Tomcat 7.0.0
Apache Tomcat 7.0.70
Apache Tomcat 7.0.64
Apache Tomcat 7.0.65
Apache Tomcat 7.0.52
Apache Tomcat 7.0.53
Apache Tomcat 7.0.54
Apache Tomcat 7.0.49
Apache Tomcat 7.0.1
Apache Tomcat 7.0.8
Apache Tomcat 7.0.9
Apache Tomcat 7.0.16
Apache Tomcat 7.0.17
Apache Tomcat 7.0.18
Apache Tomcat 7.0.25
Apache Tomcat 7.0.26
Apache Tomcat 7.0.33
Apache Tomcat 7.0.34
Apache Tomcat 7.0.42
Apache Tomcat 7.0.43
Apache Tomcat 7.0.60
Apache Tomcat 7.0.61
Apache Tomcat 7.0.68
Apache Tomcat 7.0.69
Apache Tomcat 7.0.57
Apache Tomcat 7.0.58
Apache Tomcat 7.0.4
Apache Tomcat 7.0.5
Apache Tomcat 7.0.12
Apache Tomcat 7.0.13
Apache Tomcat 7.0.21
Apache Tomcat 7.0.22
Apache Tomcat 7.0.29
Apache Tomcat 7.0.30
Apache Tomcat 7.0.37
Apache Tomcat 7.0.38
Apache Tomcat 7.0.46
Apache Tomcat 7.0.47
Apache Tomcat 8.0.3
Apache Tomcat 8.0.4
Apache Tomcat 8.0.11
Apache Tomcat 8.0.12
Apache Tomcat 8.0.20
Apache Tomcat 8.0.21
Apache Tomcat 8.0.28
Apache Tomcat 8.0.29
Apache Tomcat 8.0.36
Apache Tomcat 8.0.37
Apache Tomcat 8.0.38
Apache Tomcat 8.0.7
Apache Tomcat 8.0.8
Apache Tomcat 8.0.16
Apache Tomcat 8.0.17
Apache Tomcat 8.0.24
Apache Tomcat 8.0.25
Apache Tomcat 8.0.32
Apache Tomcat 8.0.33
Apache Tomcat 8.0.1
Apache Tomcat 8.0.2
Apache Tomcat 8.0.9
Apache Tomcat 8.0.10
Apache Tomcat 8.0.18
Apache Tomcat 8.0.19
Apache Tomcat 8.0.26
Apache Tomcat 8.0.27
Apache Tomcat 8.0.34
Apache Tomcat 8.0.35
Apache Tomcat 8.0.5
Apache Tomcat 8.0.6
Apache Tomcat 8.0.13
Apache Tomcat 8.0.14
Apache Tomcat 8.0.15
Apache Tomcat 8.0.22
Apache Tomcat 8.0.23
Apache Tomcat 8.0.30
Apache Tomcat 8.0.31
Apache Tomcat 8.0.0
Apache Tomcat 8.5.5
Apache Tomcat 8.5.6
Apache Tomcat 8.5.1
Apache Tomcat 8.5.2
Apache Tomcat 8.5.3
Apache Tomcat 8.5.4
Apache Tomcat 8.5.0
Apache Tomcat 9.0.0
1 EDB exploit available
5 Github repositories available
NA
CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via...
Websense Websense Web Security 7.0
Websense Websense Web Filter 7.0
NA
CVE-2011-1570
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030....
Liferay Liferay Portal
1 Github repository available
NA
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag....
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 7.0.5
Apache Tomcat 7.0.0
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 6.0.7
Apache Tomcat 6.0.4
Apache Tomcat 6.0.15
Apache Tomcat 6.0.20
Apache Tomcat 6.0.10
Apache Tomcat 6.0.29
Apache Tomcat 6.0.3
Apache Tomcat 6.0.9
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0
Apache Tomcat 6.0.28
Apache Tomcat 6.0.0
Apache Tomcat 6.0.14
Apache Tomcat 6.0.1
Apache Tomcat 6.0.12
Apache Tomcat 6.0.18
Apache Tomcat 6.0.5
Apache Tomcat 6.0.2
Apache Tomcat 6.0.13
Apache Tomcat 6.0.26
Apache Tomcat 6.0.19
Apache Tomcat 6.0.27
Apache Tomcat 6.0.16
Apache Tomcat 6.0.8
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
Apache Tomcat 5.5.25
Apache Tomcat 5.5.2
Apache Tomcat 5.5.0
Apache Tomcat 5.5.13
Apache Tomcat 5.5.24
Apache Tomcat 5.5.8
Apache Tomcat 5.5.16
Apache Tomcat 5.5.17
Apache Tomcat 5.5.29
Apache Tomcat 5.5.19
Apache Tomcat 5.5.23
NA
CVE-2010-4172
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or...
Apache Tomcat 7.0.1
Apache Tomcat 7.0.2
Apache Tomcat 6.0.15
Apache Tomcat 7.0.0
Apache Tomcat 6.0.20
Apache Tomcat 6.0.29
Apache Tomcat 6.0.24
Apache Tomcat 6.0.17
Apache Tomcat 6.0.28
Apache Tomcat 6.0.14
Apache Tomcat 6.0.12
Apache Tomcat 6.0.18
Apache Tomcat 6.0.13
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 6.0.26
Apache Tomcat 6.0.19
Apache Tomcat 6.0.27
Apache Tomcat 6.0.16
1 EDB exploit available
NA
CVE-2009-2696
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via...
Apache Tomcat
NA
CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the...
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.4
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 4.1.27
Apache Tomcat 6.0.15
Apache Tomcat 4.1.30
Apache Tomcat 4.1.7
Apache Tomcat 4.1.11
Apache Tomcat 5.5.21
Apache Tomcat 4.1.18
Apache Tomcat 5.5.22
Apache Tomcat 4.1.14
Apache Tomcat 6.0.10
Apache Tomcat 6.0.3
Apache Tomcat 4.1.19
Apache Tomcat 6.0.9
Apache Tomcat 4.1.31
Apache Tomcat 5.5.3
Apache Tomcat 4.1.16
Apache Tomcat 4.1.29
Apache Tomcat 4.1.22
Apache Tomcat 6.0
Apache Tomcat 4.1.5
Apache Tomcat 4.1.26
Apache Tomcat 4.1.13
Apache Tomcat 4.1.8
Apache Tomcat 5.5.9
Apache Tomcat 5.5.25
Apache Tomcat 6.0.0
Apache Tomcat 4.1.17
Apache Tomcat 6.0.14
Apache Tomcat 5.5.2
Apache Tomcat 4.1.33
Apache Tomcat 5.5.0
Apache Tomcat 4.1.1
Apache Tomcat 5.5.13
Apache Tomcat 6.0.1
Apache Tomcat 6.0.12
Apache Tomcat 5.5.24
Apache Tomcat 4.1.12
Apache Tomcat 4.1.28
Apache Tomcat 4.1.15
Apache Tomcat 4.1.3
Apache Tomcat 4.1.10
Apache Tomcat 5.5.8
Apache Tomcat 5.5.16
Apache Tomcat 4.1.0
Apache Tomcat 6.0.5
Apache Tomcat 4.1.20
Apache Tomcat 5.5.17
Apache Tomcat 5.5.19
Apache Tomcat 4.1.23
Apache Tomcat 4.1.34
Apache Tomcat 4.1.32
Apache Tomcat 4.1.37
Apache Tomcat 6.0.2
Apache Tomcat 6.0.13
Apache Tomcat 5.5.23
Apache Tomcat 4.1.6
Apache Tomcat 6.0.16
Apache Tomcat 6.0.8