Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2006-7195
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values....
Apache Tomcat 5.0.13Apache Tomcat 5.0.14Apache Tomcat 5.0.21Apache Tomcat 5.0.22Apache Tomcat 5.0.29Apache Tomcat 5.0.30Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.0.15Apache Tomcat 5.0.16Apache Tomcat 5.0.23Apache Tomcat 5.0.24Apache Tomcat 5.5.0Apache Tomcat 5.5.10Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.0.11Apache Tomcat 5.0.12Apache Tomcat 5.0.19Apache Tomcat 5.0.2Apache Tomcat 5.0.27Apache Tomcat 5.0.28Apache Tomcat 5.5.14Apache Tomcat 5.5.15Apache Tomcat 5.5.9Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.10Apache Tomcat 5.0.17Apache Tomcat 5.0.18Apache Tomcat 5.0.25Apache Tomcat 5.0.26Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.13Apache Tomcat 5.5.7Apache Tomcat 5.5.8
6.1
CVSSv3
CVE-2012-5636
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response....
Apache Wicket 6.1.1Apache Wicket 6.1.0Apache Wicket 6.0.0Apache Wicket 1.5.0Apache Wicket 1.4.3Apache Wicket 1.4.4Apache Wicket 1.4.5Apache Wicket 1.4.6Apache Wicket 1.4.20Apache Wicket 1.4.21Apache Wicket 1.5.5Apache Wicket 1.5.6Apache Wicket 1.5.7Apache Wicket 1.5.8Apache Wicket 1.4.12Apache Wicket 1.4.13Apache Wicket 1.4.14Apache Wicket 1.4.15Apache Wicket 6.2.0Apache Wicket 1.5.1Apache Wicket 1.5.3Apache Wicket 1.4.0Apache Wicket 1.4.2Apache Wicket 1.4.7Apache Wicket 1.4.9Apache Wicket 1.4.11Apache Wicket 1.4.16Apache Wicket 1.4.18Apache Wicket 6.3.0Apache Wicket 1.5.2Apache Wicket 1.5.4Apache Wicket 1.5.9Apache Wicket 1.4.1Apache Wicket 1.4.8Apache Wicket 1.4.10Apache Wicket 1.4.17Apache Wicket 1.4.19
NA
CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count)...
Apache Tomcat 5.5.0Apache Tomcat 5.5.25Apache Tomcat 5.5.33Apache Tomcat 5.5.7Apache Tomcat 5.5.18Apache Tomcat 5.5.15Apache Tomcat 5.5.3Apache Tomcat 5.5.22Apache Tomcat 5.5.2Apache Tomcat 5.5.35Apache Tomcat 5.5.30Apache Tomcat 5.5.9Apache Tomcat 5.5.8Apache Tomcat 5.5.29Apache Tomcat 5.5.31Apache Tomcat 5.5.17Apache Tomcat 5.5.12Apache Tomcat 5.5.24Apache Tomcat 5.5.21Apache Tomcat 5.5.19Apache Tomcat 5.5.10Apache Tomcat 5.5.1Apache Tomcat 5.5.34Apache Tomcat 5.5.6Apache Tomcat 5.5.16Apache Tomcat 5.5.13Apache Tomcat 5.5.23Apache Tomcat 5.5.26Apache Tomcat 5.5.28Apache Tomcat 5.5.27Apache Tomcat 5.5.5Apache Tomcat 5.5.4Apache Tomcat 5.5.14Apache Tomcat 5.5.11Apache Tomcat 5.5.32Apache Tomcat 5.5.20Apache Tomcat 6.0.9Apache Tomcat 6.0.8Apache Tomcat 6.0.33Apache Tomcat 6.0.4Apache Tomcat 6.0.18Apache Tomcat 6.0.1Apache Tomcat 6.0.32Apache Tomcat 6.0.24Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.17Apache Tomcat 6.0.0Apache Tomcat 6.0.26Apache Tomcat 6.0.2Apache Tomcat 6.0.10Apache Tomcat 6.0.20Apache Tomcat 6.0.15Apache Tomcat 6.0.28Apache Tomcat 6.0.5Apache Tomcat 6.0.13Apache Tomcat 6.0.31Apache Tomcat 6.0.35Apache Tomcat 6.0.30Apache Tomcat 6.0Apache Tomcat 6.0.14Apache Tomcat 6.0.29Apache Tomcat 6.0.27Apache Tomcat 6.0.3Apache Tomcat 6.0.12Apache Tomcat 6.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.15Apache Tomcat 7.0.11Apache Tomcat 7.0.2Apache Tomcat 7.0.25Apache Tomcat 7.0.16Apache Tomcat 7.0.6Apache Tomcat 7.0.21Apache Tomcat 7.0.14Apache Tomcat 7.0.10Apache Tomcat 7.0.12Apache Tomcat 7.0.4Apache Tomcat 7.0.8Apache Tomcat 7.0.28Apache Tomcat 7.0.23Apache Tomcat 7.0.1Apache Tomcat 7.0.0Apache Tomcat 7.0.7Apache Tomcat 7.0.19Apache Tomcat 7.0.13Apache Tomcat 7.0.5Apache Tomcat 7.0.20Apache Tomcat 7.0.17Apache Tomcat 7.0.3Apache Tomcat 7.0.22Apache Tomcat 7.0.9
7.5
CVSSv3
CVE-2017-12616
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request....
Apache Tomcat 7.0.0Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.36Apache Tomcat 7.0.37Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.63Apache Tomcat 7.0.1Apache Tomcat 7.0.6Apache Tomcat 7.0.13Apache Tomcat 7.0.14Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.2Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.15Apache Tomcat 7.0.16Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.76Apache Tomcat 7.0.77Apache Tomcat 7.0.3Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.17Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.34Apache Tomcat 7.0.35Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.51Apache Tomcat 7.0.54Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.79Apache Tomcat 7.0.80Apache Tomcat 7.0.64Apache Tomcat 7.0.72Apache Tomcat 7.0.73Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.74Apache Tomcat 7.0.75
8.1
CVSSv3
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and...
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.74Apache Tomcat 7.0.75Apache Tomcat 7.0Apache Tomcat 7.0.4Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.20Apache Tomcat 7.0.21Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.55Apache Tomcat 7.0.56Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.72Apache Tomcat 7.0.73Apache Tomcat 7.0.2Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.32Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.76Apache Tomcat 7.0.77Apache Tomcat 7.0.3Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.51Apache Tomcat 7.0.54Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.79
7.5
CVSSv3
CVE-2017-9804
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. ...
Apache Struts 2.5.12Apache Struts 2.3.7Apache Struts 2.3.14.1Apache Struts 2.3.14.2Apache Struts 2.3.16.1Apache Struts 2.3.16.2Apache Struts 2.3.21Apache Struts 2.3.22Apache Struts 2.3.28.1Apache Struts 2.3.29Apache Struts 2.5Apache Struts 2.5.7Apache Struts 2.5.8Apache Struts 2.3.10Apache Struts 2.3.11Apache Struts 2.3.12Apache Struts 2.3.15.1Apache Struts 2.3.15.2Apache Struts 2.3.19Apache Struts 2.3.20Apache Struts 2.3.25Apache Struts 2.3.26Apache Struts 2.3.32Apache Struts 2.3.33Apache Struts 2.5.3Apache Struts 2.5.4Apache Struts 2.3.8Apache Struts 2.3.9Apache Struts 2.3.14.3Apache Struts 2.3.15Apache Struts 2.3.16.3Apache Struts 2.3.17Apache Struts 2.3.23Apache Struts 2.3.24.2Apache Struts 2.3.24.3Apache Struts 2.3.30Apache Struts 2.3.31Apache Struts 2.5.1Apache Struts 2.5.2Apache Struts 2.5.9Apache Struts 2.5.10Apache Struts 2.5.10.1Apache Struts 2.3.13Apache Struts 2.3.14Apache Struts 2.3.15.3Apache Struts 2.3.16Apache Struts 2.3.20.1Apache Struts 2.3.20.2Apache Struts 2.3.27Apache Struts 2.3.28Apache Struts 2.5.5Apache Struts 2.5.6
NA
CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request....
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.6Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 6.0.15Apache Tomcat 6.0.14Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.26Apache Tomcat 6.0.13Apache Tomcat 6.0.16Apache Tomcat 6.0.30Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.1Apache Tomcat 6.0.0Apache Tomcat 6.0.5Apache Tomcat 6.0.24Apache Tomcat 6.0.12Apache Tomcat 6.0.29Apache Tomcat 6.0.28Apache Tomcat 6.0.3Apache Tomcat 6.0.2Apache Tomcat 6.0.20Apache Tomcat 6.0.19Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.27Apache Tomcat 6.0.4Apache Tomcat 6.0.11Apache Tomcat 6.0.10
NA
CVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during...
Apache Tomcat 6.0.15Apache Tomcat 6.0.8Apache Tomcat 6.0.9Apache Tomcat 6.0.33Apache Tomcat 6.0.14Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.29Apache Tomcat 6.0.2Apache Tomcat 6.0.1Apache Tomcat 6.0.27Apache Tomcat 6.0.3Apache Tomcat 6.0.12Apache Tomcat 6.0.11Apache Tomcat 6.0.4Apache Tomcat 6.0.0Apache Tomcat 6.0.32Apache Tomcat 6.0.13Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.18Apache Tomcat 6.0.26Apache Tomcat 6.0.10Apache Tomcat 6.0.20Apache Tomcat 6.0.30Apache Tomcat 6.0Apache Tomcat 6.0.35Apache Tomcat 6.0.28Apache Tomcat 6.0.5Apache Tomcat 6.0.24Apache Tomcat 6.0.31Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.21Apache Tomcat 7.0.17Apache Tomcat 7.0.14Apache Tomcat 7.0.3Apache Tomcat 7.0.12Apache Tomcat 7.0.8Apache Tomcat 7.0.23Apache Tomcat 7.0.2Apache Tomcat 7.0.0Apache Tomcat 7.0.16Apache Tomcat 7.0.7Apache Tomcat 7.0.18Apache Tomcat 7.0.15Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.4Apache Tomcat 7.0.25Apache Tomcat 7.0.13Apache Tomcat 7.0.1Apache Tomcat 7.0.20Apache Tomcat 7.0.19Apache Tomcat 7.0.22Apache Tomcat 7.0.9
NA
CVE-2012-2733
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a...
Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.17Apache Tomcat 6.0.0Apache Tomcat 6.0.2Apache Tomcat 6.0.26Apache Tomcat 6.0.10Apache Tomcat 6.0.20Apache Tomcat 6.0Apache Tomcat 6.0.14Apache Tomcat 6.0.29Apache Tomcat 6.0.1Apache Tomcat 6.0.27Apache Tomcat 6.0.3Apache Tomcat 6.0.12Apache Tomcat 6.0.11Apache Tomcat 6.0.9Apache Tomcat 6.0.8Apache Tomcat 6.0.33Apache Tomcat 6.0.4Apache Tomcat 6.0.18Apache Tomcat 6.0.32Apache Tomcat 6.0.13Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.15Apache Tomcat 6.0.30Apache Tomcat 6.0.28Apache Tomcat 6.0.5Apache Tomcat 6.0.24Apache Tomcat 6.0.31Apache Tomcat 6.0.35Apache Tomcat 7.0.6Apache Tomcat 7.0.21Apache Tomcat 7.0.18Apache Tomcat 7.0.14Apache Tomcat 7.0.10Apache Tomcat 7.0.12Apache Tomcat 7.0.4Apache Tomcat 7.0.8Apache Tomcat 7.0.13Apache Tomcat 7.0.5Apache Tomcat 7.0.20Apache Tomcat 7.0.17Apache Tomcat 7.0.0Apache Tomcat 7.0.3Apache Tomcat 7.0.22Apache Tomcat 7.0.9Apache Tomcat 7.0.15Apache Tomcat 7.0.23Apache Tomcat 7.0.11Apache Tomcat 7.0.2Apache Tomcat 7.0.25Apache Tomcat 7.0.16Apache Tomcat 7.0.1Apache Tomcat 7.0.7Apache Tomcat 7.0.19
NA
CVE-2010-4539
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking...
Apache Subversion 1.0.5Apache Subversion 1.0.2Apache Subversion 1.1.3Apache Subversion 1.1.0Apache Subversion 1.3.0Apache Subversion 1.2.3Apache Subversion 1.4.4Apache Subversion 1.4.3Apache Subversion 0.20.0Apache Subversion 0.16.1Apache Subversion 0.20.1Apache Subversion 0.21.0Apache Subversion 0.25.0Apache Subversion 1.0.4Apache Subversion 0.37.0Apache Subversion 1.1.2Apache Subversion 1.3.2Apache Subversion 1.3.1Apache Subversion 1.4.6Apache Subversion 1.4.5Apache Subversion 0.19.0Apache Subversion 0.19.1Apache Subversion 0.24.0Apache Subversion 0.24.1Apache Subversion 0.29.0Apache Subversion 0.28.2Apache Subversion 0.35.1Apache Subversion 0.35.0Apache Subversion 1.5.1Apache Subversion 1.5.2Apache Subversion 1.6.1Apache Subversion 1.6.0Apache Subversion 0.7Apache Subversion 0.6Apache Subversion 0.14.5Apache Subversion 0.10.2Apache Subversion 0.13.0Apache Subversion 1.6.7Apache Subversion M3Apache Subversion M2Apache Subversion M1Apache Subversion 1.0.1Apache Subversion 0.36.0Apache Subversion 1.0.9Apache Subversion 1.0.6Apache Subversion 1.0.7Apache Subversion 1.2.0Apache Subversion 1.1.4Apache Subversion 1.4.0Apache Subversion 0.18.1Apache Subversion 0.22.2Apache Subversion 0.23.0Apache Subversion 0.28.1Apache Subversion 0.28.0Apache Subversion 0.34.0Apache Subversion 0.33.1Apache Subversion 1.5.3Apache Subversion 1.5.4Apache Subversion 1.6.3Apache Subversion 1.6.2Apache Subversion 0.9Apache Subversion 0.8Apache Subversion 0.16Apache Subversion 0.14.4Apache Subversion 0.13.2Apache Subversion 0.12.0Apache Subversion 1.6.8Apache Subversion M4\\/m5Apache Subversion 0.24.2Apache Subversion 0.31.0Apache Subversion 0.30.0Apache Subversion 0.33.0Apache Subversion 1.5.8Apache Subversion 1.5.7Apache Subversion 1.6.11Apache Subversion 1.6.10Apache Subversion 0.14.2Apache Subversion 0.14.3Apache Subversion 0.14.0Apache Subversion 0.11.1Apache Subversion 0.10.0Apache Subversion 1.6.6Apache Subversion 1.6.5Apache SubversionApache Subversion 1.0.3Apache Subversion 1.0.0Apache Subversion 1.1.1Apache Subversion 1.0.8Apache Subversion 1.2.2Apache Subversion 1.2.1Apache Subversion 1.4.2Apache Subversion 1.4.1Apache Subversion 0.17.0Apache Subversion 0.17.1Apache Subversion 0.18.0Apache Subversion 0.22.0Apache Subversion 0.22.1Apache Subversion 0.27.0Apache Subversion 0.26.0Apache Subversion 0.32.1Apache Subversion 1.5.0Apache Subversion 1.5.6Apache Subversion 1.5.5Apache Subversion 1.6.13Apache Subversion 1.6.12Apache Subversion 0.14.1Apache Subversion 0.15Apache Subversion 0.10.1Apache Subversion 0.13.1Apache Subversion 1.6.4Apache Subversion 1.6.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-30216administrator privilegesreflected XSSCVE-2022-35011CVE-2022-34713CVE-2022-35009CVE-2022-35479CVE-2022-1410authentication bypass
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook