Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

apache vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2

CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote malicious users ...
Apache Tomcat 5.5.0Apache Tomcat 5.5.1Apache Tomcat 5.5.2Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 5.5.9Apache Tomcat 5.5.10Apache Tomcat 5.5.11
5
CVSSv2

CVE-2011-2729

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 up to and including 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 up to and including 5.5.33, 6.0.30 up to and including 6.0.32, and 7.0.x prior to 7.0.20 on Linux, does not drop capabilities, which a...
Apache Tomcat 5.5.32Apache Tomcat 5.5.33Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.32Apache Apache Commons Daemon 1.0.3Apache Apache Commons Daemon 1.0.4Apache Apache Commons Daemon 1.0.5Apache Apache Commons Daemon 1.0.6Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2
4.3
CVSSv2

CVE-2011-0013

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 prior to 5.5.32, 6.0 prior to 6.0.30, and 7.0 prior to 7.0.6 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 6.0Apache Tomcat 6.0.0Apache Tomcat 6.0.1Apache Tomcat 6.0.2Apache Tomcat 6.0.3Apache Tomcat 6.0.4
4.3
CVSSv2

CVE-2011-0715

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion prior to 1.6.16, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Apache SubversionApache Subversion 0.6Apache Subversion 0.7Apache Subversion 0.8Apache Subversion 0.9Apache Subversion 0.10.0Apache Subversion 0.10.1Apache Subversion 0.10.2Apache Subversion 0.11.1Apache Subversion 0.12.0Apache Subversion 0.13.0Apache Subversion 0.13.1
6.8
CVSSv2

CVE-2013-6357

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demons...
Apache TomcatApache Tomcat 1.1.3Apache Tomcat 3.0Apache Tomcat 3.1Apache Tomcat 3.1.1Apache Tomcat 3.2Apache Tomcat 3.2.1Apache Tomcat 3.2.2Apache Tomcat 3.2.3Apache Tomcat 3.2.4Apache Tomcat 3.3Apache Tomcat 3.3.1
5
CVSSv2

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat prior to 6.0.40, 7.x prior to 7.0.53, and 8.x prior to 8.0.4 allows remote malicious users to cause a denial of service (resource consumption) via a...
Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11
3.3
CVSSv2

CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 up to and including 1.7.12 and 1.8.0 up to and including 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Apache Subversion 1.4.0Apache Subversion 1.4.1Apache Subversion 1.4.2Apache Subversion 1.4.3Apache Subversion 1.4.4Apache Subversion 1.4.5Apache Subversion 1.4.6Apache Subversion 1.5.0Apache Subversion 1.5.1Apache Subversion 1.5.2Apache Subversion 1.5.3Apache Subversion 1.5.4
7.5
CVSSv3

CVE-2017-9787

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Apache Software Foundation Apache StrutsApache Struts 2.3.7Apache Struts 2.3.8Apache Struts 2.3.9Apache Struts 2.3.10Apache Struts 2.3.11Apache Struts 2.3.12Apache Struts 2.3.13Apache Struts 2.3.14Apache Struts 2.3.14.1Apache Struts 2.3.14.2Apache Struts 2.3.14.3
2.6
CVSSv2

CVE-2013-4505

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 up to and including 1.7.13 and 1.8.0 up to and including 1.8.4 allows remote malicious users to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relativ...
Apache Mod Dontdothat -Apache Subversion 1.4.0Apache Subversion 1.4.1Apache Subversion 1.4.2Apache Subversion 1.4.3Apache Subversion 1.4.4Apache Subversion 1.4.5Apache Subversion 1.4.6Apache Subversion 1.5.0Apache Subversion 1.5.1Apache Subversion 1.5.2Apache Subversion 1.5.3
4.3
CVSSv2

CVE-2006-7196

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.31, 5.0.0 up to and including 5.0.30, and 5.5.0 up to and including 5.5.15 allows remote malicious users to inject arbitrar...
Apache TomcatApache Tomcat 4.0.0Apache Tomcat 4.0.1Apache Tomcat 4.0.2Apache Tomcat 4.0.3Apache Tomcat 4.0.4Apache Tomcat 4.0.5Apache Tomcat 4.0.6Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.2Apache Tomcat 5.0.3
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-49820firefoxnet/httpCVE-2025-49816konsolefile inclusionCVE-2025-33053theeventscalendarCVE-2025-49822CVE-2025-3052XXEHTML injectionCVE-2025-5959
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook