Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tomcat vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2020-8022
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux ...
Apache Tomcat
Opensuse Leap 15.1
641
VMScore
CVE-2017-14105
HiveManager Classic up to and including 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a...
Aerohive Hivemanager Classic 8.0r1
Aerohive Hivemanager Classic 8.1r1
1 Github repository
641
VMScore
CVE-2016-9774
The postinst script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u4 on Debian wheezy, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u8 on Debian wheezy, prior to 7.0.56-3+deb8u6 on Debian jessie, prior to 7....
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
Apache Tomcat 7.0
Apache Tomcat 8.0
Apache Tomcat 6.0
641
VMScore
CVE-2016-9775
The postrm script in the tomcat6 package prior to 6.0.45+dfsg-1~deb7u3 on Debian wheezy, prior to 6.0.45+dfsg-1~deb8u1 on Debian jessie, prior to 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package prior to 7.0.28-4+deb7u7 on Debian wheezy, prior to...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 16.10
Apache Tomcat 8.0
Apache Tomcat 6.0
Apache Tomcat 7.0
641
VMScore
CVE-2004-1452
Tomcat prior to 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
Gentoo Linux 1.1a
Gentoo Linux 1.2
Gentoo Linux 1.4
Gentoo Linux 0.5
Gentoo Linux 0.7
605
VMScore
CVE-2019-12270
OpenText Brava! Enterprise and Brava! Server 7.5 up to and including 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both...
Opentext Brava\\!
605
VMScore
CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x prior to 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote malicious users to execute arbitrary code by uploading and accessing a JSP file.
Apache Tomcat 7.0.11
Apache Tomcat 7.0.12
Apache Tomcat 7.0.19
Apache Tomcat 7.0.2
Apache Tomcat 7.0.26
Apache Tomcat 7.0.27
Apache Tomcat 7.0.33
Apache Tomcat 7.0.34
Apache Tomcat 7.0.4
Apache Tomcat 7.0.1
Apache Tomcat 7.0.10
Apache Tomcat 7.0.17
Apache Tomcat 7.0.18
Apache Tomcat 7.0.23
Apache Tomcat 7.0.24
Apache Tomcat 7.0.25
Apache Tomcat 7.0.31
Apache Tomcat 7.0.32
Apache Tomcat
Apache Tomcat 7.0.0
Apache Tomcat 7.0.15
Apache Tomcat 7.0.16
605
VMScore
CVE-2013-1088
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote malicious users to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
Novell Imanager 2.7
Novell Imanager 2.7.3
Novell Imanager 2.7.4
Novell Imanager 2.7.5
Novell Imanager
Novell Imanager 2.7.1
Novell Imanager 2.7.2
605
VMScore
CVE-2012-3908
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances prior to 1.1.0.665 Cumulative Patch 1 allow remote malicious users to hijack the aut...
Cisco Identity Services Engine Software 1.0
Cisco Identity Services Engine Software 1.0.4
Cisco Identity Services Engine Software 1.1.1
Cisco Identity Services Engine Software 1.0mr
Cisco Identity Services Engine Software 1.1
Cisco Identity Services Engine 3300
605
VMScore
CVE-2003-0044
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x up to and including 3.3.1a allow remote malicious users to insert arbitrary web script or HTML.
Apache Tomcat 3.3
Apache Tomcat 3.3.1
Apache Tomcat 3.2.3
Apache Tomcat 3.2.4
Apache Tomcat 3.0
Apache Tomcat 3.1
Apache Tomcat 3.1.1
Apache Tomcat 3.3.1a
Apache Tomcat 3.2
Apache Tomcat 3.2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »