Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

tomcat vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv3
CVE-2017-5664
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error...
Apache Tomcat 7.0.4Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.20Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.62Apache Tomcat 7.0.63Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.6Apache Tomcat 7.0.7Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.39Apache Tomcat 7.0.40Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.66Apache Tomcat 7.0.67Apache Tomcat 7.0.75Apache Tomcat 7.0.76Apache Tomcat 7.0.3Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.50Apache Tomcat 7.0.51Apache Tomcat 7.0.60Apache Tomcat 7.0.61Apache Tomcat 7.0.68Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 7.0.77Apache Tomcat 7.0.0Apache Tomcat 7.0.5Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.29Apache Tomcat 7.0.30Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.64Apache Tomcat 7.0.65Apache Tomcat 7.0.73Apache Tomcat 7.0.74Apache Tomcat 8.0.3Apache Tomcat 8.0.4Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.21Apache Tomcat 8.0.22Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.38Apache Tomcat 8.0.39Apache Tomcat 8.0.0Apache Tomcat 8.0.7Apache Tomcat 8.0.9Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.0.42Apache Tomcat 8.0.43Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.19Apache Tomcat 8.0.20Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.23Apache Tomcat 8.0.24Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.40Apache Tomcat 8.0.41Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 8.5.9Apache Tomcat 8.5.10Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.13Apache Tomcat 8.5.14Apache Tomcat 8.5.0Apache Tomcat 8.5.7Apache Tomcat 8.5.8Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.11Apache Tomcat 8.5.12Apache Tomcat 9.0.0
7.5
CVSSv3
CVE-2016-8745
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple...
Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.22Apache Tomcat 7.0.23Apache Tomcat 7.0.30Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.7Apache Tomcat 7.0.8Apache Tomcat 7.0.45Apache Tomcat 7.0.46Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.71Apache Tomcat 7.0.72Apache Tomcat 8.0.1Apache Tomcat 8.0.2Apache Tomcat 8.0.3Apache Tomcat 8.0.10Apache Tomcat 8.0.11Apache Tomcat 8.0.18Apache Tomcat 8.0.19Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.35Apache Tomcat 8.0.36Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 9.0.0Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.24Apache Tomcat 7.0.25Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.20Apache Tomcat 7.0.1Apache Tomcat 7.0.9Apache Tomcat 7.0.0Apache Tomcat 7.0.47Apache Tomcat 7.0.48Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.58Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.73Apache Tomcat 8.0Apache Tomcat 8.0.4Apache Tomcat 8.0.5Apache Tomcat 8.0.12Apache Tomcat 8.0.13Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.29Apache Tomcat 8.0.30Apache Tomcat 8.0.37Apache Tomcat 8.0.38Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.40Apache Tomcat 7.0.21Apache Tomcat 7.0.28Apache Tomcat 7.0.29Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.43Apache Tomcat 7.0.44Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.69Apache Tomcat 7.0.70Apache Tomcat 8.0.0Apache Tomcat 8.0.8Apache Tomcat 8.0.9Apache Tomcat 8.0.16Apache Tomcat 8.0.17Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.26Apache Tomcat 8.0.33Apache Tomcat 8.0.34Apache Tomcat 8.5.1Apache Tomcat 8.5.2Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.39Apache Tomcat 7.0.26Apache Tomcat 7.0.27Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.2Apache Tomcat 7.0.3Apache Tomcat 7.0.4Apache Tomcat 7.0.41Apache Tomcat 7.0.42Apache Tomcat 7.0.49Apache Tomcat 7.0.50Apache Tomcat 7.0.59Apache Tomcat 7.0.60Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 8.0.6Apache Tomcat 8.0.7Apache Tomcat 8.0.14Apache Tomcat 8.0.15Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.31Apache Tomcat 8.0.32Apache Tomcat 8.0.39Apache Tomcat 8.5.0Apache Tomcat 8.5.7Apache Tomcat 8.5.8
NA
CVE-2010-2227
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that...
Apache Tomcat 5.5.27Apache Tomcat 5.5.9Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.3Apache Tomcat 5.5.22Apache Tomcat 5.5.0Apache Tomcat 5.5.8Apache Tomcat 5.5.7Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.13Apache Tomcat 5.5.23Apache Tomcat 5.5.26Apache Tomcat 5.5.25Apache Tomcat 5.5.10Apache Tomcat 5.5.6Apache Tomcat 5.5.5Apache Tomcat 5.5.14Apache Tomcat 5.5.11Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.1Apache Tomcat 5.5.28Apache Tomcat 5.5.4Apache Tomcat 5.5.29Apache Tomcat 5.5.12Apache Tomcat 5.5.24Apache Tomcat 5.5.19Apache Tomcat 5.5.2Apache Tomcat 6.0.15Apache Tomcat 6.0.18Apache Tomcat 6.0.1Apache Tomcat 6.0.0Apache Tomcat 6.0.12Apache Tomcat 6.0.11Apache Tomcat 6.0.14Apache Tomcat 6.0.6Apache Tomcat 6.0.5Apache Tomcat 6.0.4Apache Tomcat 6.0.10Apache Tomcat 6.0.20Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.3Apache Tomcat 6.0.2Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.9Apache Tomcat 6.0.17Apache Tomcat 6.0.13Apache Tomcat 6.0.24Apache Tomcat 6.0.26Apache Tomcat 6.0.27Apache Tomcat 7.0.0
NA
CVE-2013-4286
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's...
Apache Tomcat 7.0.43Apache Tomcat 7.0.42Apache Tomcat 7.0.37Apache Tomcat 7.0.36Apache Tomcat 7.0.3Apache Tomcat 7.0.29Apache Tomcat 7.0.21Apache Tomcat 7.0.20Apache Tomcat 7.0.15Apache Tomcat 7.0.14Apache Tomcat 7.0.0Apache Tomcat 7.0.45Apache Tomcat 7.0.44Apache Tomcat 7.0.39Apache Tomcat 7.0.38Apache Tomcat 7.0.31Apache Tomcat 7.0.30Apache Tomcat 7.0.23Apache Tomcat 7.0.22Apache Tomcat 7.0.17Apache Tomcat 7.0.16Apache Tomcat 7.0.1Apache Tomcat 7.0.46Apache Tomcat 7.0.4Apache Tomcat 7.0.33Apache Tomcat 7.0.32Apache Tomcat 7.0.26Apache Tomcat 7.0.25Apache Tomcat 7.0.24Apache Tomcat 7.0.19Apache Tomcat 7.0.18Apache Tomcat 7.0.11Apache Tomcat 7.0.10Apache Tomcat 7.0.41Apache Tomcat 7.0.40Apache Tomcat 7.0.35Apache Tomcat 7.0.34Apache Tomcat 7.0.28Apache Tomcat 7.0.27Apache Tomcat 7.0.2Apache Tomcat 7.0.13Apache Tomcat 7.0.12Apache Tomcat 8.0.0Apache Tomcat 6.0.32Apache Tomcat 6.0.31Apache Tomcat 6.0.24Apache Tomcat 6.0.20Apache Tomcat 6.0.16Apache Tomcat 6.0.15Apache Tomcat 6.0.14Apache Tomcat 6.0.0Apache Tomcat 5.5.5Apache Tomcat 5.5.4Apache Tomcat 5.5.29Apache Tomcat 5.5.28Apache Tomcat 5.5.21Apache Tomcat 5.5.20Apache Tomcat 5.5.14Apache Tomcat 5.5.13Apache Tomcat 5.0.7Apache Tomcat 5.0.6Apache Tomcat 5.0.27Apache Tomcat 5.0.26Apache Tomcat 5.0.19Apache Tomcat 5.0.18Apache Tomcat 5.0.10Apache Tomcat 5.0.1Apache Tomcat 4.1.3Apache Tomcat 4.1.29Apache Tomcat 4.1.1Apache Tomcat 4.1.0Apache Tomcat 4Apache Tomcat 3.3.2Apache Tomcat 3.2.2Apache Tomcat 3.2.1Apache Tomcat 6.0.35Apache Tomcat 6.0.33Apache Tomcat 6.0.27Apache Tomcat 6.0.26Apache Tomcat 6.0.18Apache Tomcat 6.0.17Apache Tomcat 6.0.1Apache Tomcat 5.5.7Apache Tomcat 5.5.6Apache Tomcat 5.5.31Apache Tomcat 5.5.30Apache Tomcat 5.5.3Apache Tomcat 5.5.23Apache Tomcat 5.5.22Apache Tomcat 5.5.16Apache Tomcat 5.5.15Apache Tomcat 5.5.0Apache Tomcat 5.0.9Apache Tomcat 5.0.8Apache Tomcat 5.0.29Apache Tomcat 5.0.28Apache Tomcat 5.0.21Apache Tomcat 5.0.2Apache Tomcat 5.0.12Apache Tomcat 5.0.11Apache Tomcat 4.1.31Apache Tomcat 4.1.12Apache Tomcat 4.1.10Apache Tomcat 4.0.1Apache Tomcat 4.0.0Apache Tomcat 3.2.3Apache Tomcat 1.1.3Apache TomcatApache Tomcat 6.0.36Apache Tomcat 6.0.29Apache Tomcat 6.0.28Apache Tomcat 6.0.2Apache Tomcat 6.0.19Apache Tomcat 6.0.11Apache Tomcat 6.0.10Apache Tomcat 5.5.9Apache Tomcat 5.5.8Apache Tomcat 5.5.33Apache Tomcat 5.5.32Apache Tomcat 5.5.25Apache Tomcat 5.5.24Apache Tomcat 5.5.18Apache Tomcat 5.5.17Apache Tomcat 5.5.10Apache Tomcat 5.5.1Apache Tomcat 5.0.30Apache Tomcat 5.0.3Apache Tomcat 5.0.23Apache Tomcat 5.0.22Apache Tomcat 5.0.15Apache Tomcat 5.0.14Apache Tomcat 5.0.13Apache Tomcat 4.1.9Apache Tomcat 4.1.36Apache Tomcat 4.1.2Apache Tomcat 4.1.15Apache Tomcat 4.0.3Apache Tomcat 4.0.2Apache Tomcat 3.3Apache Tomcat 3.2.4Apache Tomcat 3.1Apache Tomcat 3.0Apache Tomcat 6.0.30Apache Tomcat 6.0.3Apache Tomcat 6.0.13Apache Tomcat 6.0.12Apache Tomcat 6.0Apache Tomcat 6Apache Tomcat 5.5.35Apache Tomcat 5.5.34Apache Tomcat 5.5.27Apache Tomcat 5.5.26Apache Tomcat 5.5.2Apache Tomcat 5.5.19Apache Tomcat 5.5.12Apache Tomcat 5.5.11Apache Tomcat 5.0.5Apache Tomcat 5.0.4Apache Tomcat 5.0.25Apache Tomcat 5.0.24Apache Tomcat 5.0.17Apache Tomcat 5.0.16Apache Tomcat 5.0.0Apache Tomcat 5Apache Tomcat 4.1.28Apache Tomcat 4.1.24Apache Tomcat 4.0.6Apache Tomcat 4.0.5Apache Tomcat 4.0.4Apache Tomcat 3.3.1aApache Tomcat 3.3.1Apache Tomcat 3.2Apache Tomcat 3.1.1
NA
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag....
Apache Tomcat 7.0.1Apache Tomcat 7.0.2Apache Tomcat 7.0.5Apache Tomcat 7.0.0Apache Tomcat 7.0.4Apache Tomcat 7.0.3Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 6.0.7Apache Tomcat 6.0.4Apache Tomcat 6.0.15Apache Tomcat 6.0.20Apache Tomcat 6.0.10Apache Tomcat 6.0.29Apache Tomcat 6.0.3Apache Tomcat 6.0.9Apache Tomcat 6.0.24Apache Tomcat 6.0.17Apache Tomcat 6.0Apache Tomcat 6.0.28Apache Tomcat 6.0.0Apache Tomcat 6.0.14Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 6.0.18Apache Tomcat 6.0.5Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 6.0.26Apache Tomcat 6.0.19Apache Tomcat 6.0.27Apache Tomcat 6.0.16Apache Tomcat 6.0.8Apache Tomcat 5.5.27Apache Tomcat 5.5.18Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 5.5.11Apache Tomcat 5.5.28Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 5.5.5Apache Tomcat 5.5.30Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.3Apache Tomcat 5.5.31Apache Tomcat 5.5.9Apache Tomcat 5.5.25Apache Tomcat 5.5.2Apache Tomcat 5.5.0Apache Tomcat 5.5.13Apache Tomcat 5.5.24Apache Tomcat 5.5.8Apache Tomcat 5.5.16Apache Tomcat 5.5.17Apache Tomcat 5.5.29Apache Tomcat 5.5.19Apache Tomcat 5.5.23
NA
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to...
Apache Tomcat 4.0.4Apache Tomcat 5.0.8Apache Tomcat 5.0.19Apache Tomcat 5.5.12Apache Tomcat 5.0.14Apache Tomcat 5.5.14Apache Tomcat 5.5.10Apache Tomcat 5.0.22Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 5.0.7Apache Tomcat 5.5.11Apache Tomcat 5.5.6Apache Tomcat 5.0.9Apache Tomcat 5.0.15Apache Tomcat 5.0.30Apache Tomcat 5.5.15Apache Tomcat 5.0.23Apache Tomcat 5.0.2Apache Tomcat 5.5.5Apache Tomcat 5.0.10Apache Tomcat 5.0.21Apache Tomcat 5.0.26Apache Tomcat 5.0.0Apache Tomcat 5.0.6Apache Tomcat 5.5.3Apache Tomcat 5.0.27Apache Tomcat 5.0.16Apache Tomcat 4.0.6Apache Tomcat 5.5.9Apache Tomcat 4.0.3Apache Tomcat 5.0.18Apache Tomcat 4.0.1Apache Tomcat 5.5.2Apache Tomcat 5.0.5Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.5.0Apache Tomcat 5.5.13Apache Tomcat 5.0.13Apache Tomcat 5.5.8Apache Tomcat 5.0.17Apache Tomcat 4.0.2Apache Tomcat 4.0.5Apache Tomcat 4.0.0Apache Tomcat 5.0.4Apache Tomcat 5.0.25Apache Tomcat 5.0.1Apache Tomcat 5.0.11Apache Tomcat 5.0.3Apache TomcatApache Tomcat 5.0.24Apache Tomcat 5.0.12
NA
CVE-2009-0033
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to...
Apache Tomcat 5.5.27Apache Tomcat 4.1.2Apache Tomcat 4.1.35Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.5.18Apache Tomcat 4.1.21Apache Tomcat 6.0.6Apache Tomcat 6.0.11Apache Tomcat 5.5.12Apache Tomcat 5.5.14Apache Tomcat 4.1.24Apache Tomcat 5.5.10Apache Tomcat 5.5.4Apache Tomcat 5.5.7Apache Tomcat 5.5.1Apache Tomcat 6.0.7Apache Tomcat 5.5.11Apache Tomcat 4.1.25Apache Tomcat 6.0.4Apache Tomcat 5.5.6Apache Tomcat 5.5.26Apache Tomcat 4.1.39Apache Tomcat 4.1.4Apache Tomcat 5.5.20Apache Tomcat 5.5.15Apache Tomcat 5.5.5Apache Tomcat 4.1.27Apache Tomcat 6.0.15Apache Tomcat 4.1.30Apache Tomcat 4.1.7Apache Tomcat 4.1.38Apache Tomcat 4.1.11Apache Tomcat 5.5.21Apache Tomcat 4.1.18Apache Tomcat 5.5.22Apache Tomcat 4.1.14Apache Tomcat 6.0.10Apache Tomcat 6.0.3Apache Tomcat 4.1.19Apache Tomcat 6.0.9Apache Tomcat 4.1.31Apache Tomcat 5.5.3Apache Tomcat 4.1.16Apache Tomcat 4.1.29Apache Tomcat 4.1.22Apache Tomcat 4.1.5Apache Tomcat 4.1.26Apache Tomcat 4.1.13Apache Tomcat 4.1.8Apache Tomcat 5.5.9Apache Tomcat 5.5.25Apache Tomcat 6.0.0Apache Tomcat 4.1.17Apache Tomcat 6.0.14Apache Tomcat 5.5.2Apache Tomcat 4.1.33Apache Tomcat 5.5.0Apache Tomcat 4.1.1Apache Tomcat 5.5.13Apache Tomcat 6.0.1Apache Tomcat 6.0.12Apache Tomcat 5.5.24Apache Tomcat 4.1.12Apache Tomcat 4.1.28Apache Tomcat 4.1.15Apache Tomcat 4.1.3Apache Tomcat 4.1.10Apache Tomcat 5.5.8Apache Tomcat 5.5.16Apache Tomcat 4.1.0Apache Tomcat 6.0.5Apache Tomcat 4.1.20Apache Tomcat 5.5.17Apache Tomcat 5.5.19Apache Tomcat 4.1.23Apache Tomcat 4.1.34Apache Tomcat 4.1.32Apache Tomcat 4.1.37Apache Tomcat 6.0.2Apache Tomcat 6.0.13Apache Tomcat 5.5.23Apache Tomcat 4.1.6Apache Tomcat 6.0.16Apache Tomcat 6.0.8
9.8
CVSSv3
CVE-2016-8735
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't...
Apache Tomcat 6.0.0Apache Tomcat 6.0.15Apache Tomcat 6.0.16Apache Tomcat 6.0.17Apache Tomcat 6.0.23Apache Tomcat 6.0.24Apache Tomcat 6.0.30Apache Tomcat 6.0.31Apache Tomcat 6.0.39Apache Tomcat 6.0.4Apache Tomcat 6.0.46Apache Tomcat 6.0.47Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.2Apache Tomcat 6.0.20Apache Tomcat 6.0.27Apache Tomcat 6.0.28Apache Tomcat 6.0.34Apache Tomcat 6.0.35Apache Tomcat 6.0.42Apache Tomcat 6.0.43Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.18Apache Tomcat 6.0.19Apache Tomcat 6.0.25Apache Tomcat 6.0.26Apache Tomcat 6.0.32Apache Tomcat 6.0.33Apache Tomcat 6.0.40Apache Tomcat 6.0.41Apache Tomcat 6.0.5Apache Tomcat 6.0.6Apache Tomcat 6.0.13Apache Tomcat 6.0.14Apache Tomcat 6.0.21Apache Tomcat 6.0.22Apache Tomcat 6.0.29Apache Tomcat 6.0.3Apache Tomcat 6.0.36Apache Tomcat 6.0.37Apache Tomcat 6.0.38Apache Tomcat 6.0.44Apache Tomcat 6.0.45Apache Tomcat 6.0.9Apache Tomcat 7.0.0Apache Tomcat 7.0.1Apache Tomcat 7.0.16Apache Tomcat 7.0.17Apache Tomcat 7.0.23Apache Tomcat 7.0.24Apache Tomcat 7.0.30Apache Tomcat 7.0.31Apache Tomcat 7.0.32Apache Tomcat 7.0.39Apache Tomcat 7.0.4Apache Tomcat 7.0.46Apache Tomcat 7.0.47Apache Tomcat 7.0.54Apache Tomcat 7.0.55Apache Tomcat 7.0.61Apache Tomcat 7.0.62Apache Tomcat 7.0.69Apache Tomcat 7.0.7Apache Tomcat 7.0.12Apache Tomcat 7.0.13Apache Tomcat 7.0.2Apache Tomcat 7.0.20Apache Tomcat 7.0.27Apache Tomcat 7.0.28Apache Tomcat 7.0.35Apache Tomcat 7.0.36Apache Tomcat 7.0.42Apache Tomcat 7.0.43Apache Tomcat 7.0.5Apache Tomcat 7.0.50Apache Tomcat 7.0.58Apache Tomcat 7.0.59Apache Tomcat 7.0.65Apache Tomcat 7.0.66Apache Tomcat 7.0.72Apache Tomcat 7.0.8Apache Tomcat 7.0.9Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.18Apache Tomcat 7.0.19Apache Tomcat 7.0.25Apache Tomcat 7.0.26Apache Tomcat 7.0.33Apache Tomcat 7.0.34Apache Tomcat 7.0.40Apache Tomcat 7.0.41Apache Tomcat 7.0.48Apache Tomcat 7.0.49Apache Tomcat 7.0.56Apache Tomcat 7.0.57Apache Tomcat 7.0.63Apache Tomcat 7.0.64Apache Tomcat 7.0.70Apache Tomcat 7.0.71Apache Tomcat 7.0.14Apache Tomcat 7.0.15Apache Tomcat 7.0.21Apache Tomcat 7.0.22Apache Tomcat 7.0.29Apache Tomcat 7.0.3Apache Tomcat 7.0.37Apache Tomcat 7.0.38Apache Tomcat 7.0.44Apache Tomcat 7.0.45Apache Tomcat 7.0.51Apache Tomcat 7.0.52Apache Tomcat 7.0.53Apache Tomcat 7.0.6Apache Tomcat 7.0.60Apache Tomcat 7.0.67Apache Tomcat 7.0.68Apache Tomcat 8.0.1Apache Tomcat 8.0.10Apache Tomcat 8.0.17Apache Tomcat 8.0.18Apache Tomcat 8.0.24Apache Tomcat 8.0.25Apache Tomcat 8.0.32Apache Tomcat 8.0.33Apache Tomcat 8.0.5Apache Tomcat 8.0.6Apache Tomcat 8.0.13Apache Tomcat 8.0.14Apache Tomcat 8.0.20Apache Tomcat 8.0.21Apache Tomcat 8.0.29Apache Tomcat 8.0.3Apache Tomcat 8.0.36Apache Tomcat 8.0.37Apache Tomcat 8.0.9Apache Tomcat 8.0.11Apache Tomcat 8.0.12Apache Tomcat 8.0.19Apache Tomcat 8.0.2Apache Tomcat 8.0.26Apache Tomcat 8.0.27Apache Tomcat 8.0.28Apache Tomcat 8.0.34Apache Tomcat 8.0.35Apache Tomcat 8.0.7Apache Tomcat 8.0.8Apache Tomcat 8.0.0Apache Tomcat 8.0.15Apache Tomcat 8.0.16Apache Tomcat 8.0.22Apache Tomcat 8.0.23Apache Tomcat 8.0.30Apache Tomcat 8.0.31Apache Tomcat 8.0.38Apache Tomcat 8.0.4Apache Tomcat 8.5.2Apache Tomcat 8.5.3Apache Tomcat 8.5.4Apache Tomcat 8.5.5Apache Tomcat 8.5.6Apache Tomcat 8.5.0Apache Tomcat 8.5.1Apache Tomcat 9.0.0
NA
CVE-2012-3546
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at...
Apache Tomcat 6.0Apache Tomcat 6.0.14Apache Tomcat 6.0.29Apache Tomcat 6.0.33Apache Tomcat 6.0.18Apache Tomcat 6.0.1Apache Tomcat 6.0.32Apache Tomcat 6.0.9Apache Tomcat 6.0.8Apache Tomcat 6.0.2Apache Tomcat 6.0.4Apache Tomcat 6.0.27Apache Tomcat 6.0.3Apache Tomcat 6.0.12Apache Tomcat 6.0.11Apache Tomcat 6.0.6Apache Tomcat 6.0.7Apache Tomcat 6.0.28Apache Tomcat 6.0.0Apache Tomcat 6.0.5Apache Tomcat 6.0.24Apache Tomcat 6.0.31Apache Tomcat 6.0.13Apache Tomcat 6.0.19Apache Tomcat 6.0.16Apache Tomcat 6.0.15Apache Tomcat 6.0.30Apache Tomcat 6.0.35Apache Tomcat 6.0.17Apache Tomcat 6.0.26Apache Tomcat 6.0.10Apache Tomcat 6.0.20Apache Tomcat 7.0.5Apache Tomcat 7.0.6Apache Tomcat 7.0.17Apache Tomcat 7.0.14Apache Tomcat 7.0.3Apache Tomcat 7.0.28Apache Tomcat 7.0.22Apache Tomcat 7.0.9Apache Tomcat 7.0.13Apache Tomcat 7.0.2Apache Tomcat 7.0.1Apache Tomcat 7.0.20Apache Tomcat 7.0.4Apache Tomcat 7.0.0Apache Tomcat 7.0.7Apache Tomcat 7.0.19Apache Tomcat 7.0.15Apache Tomcat 7.0.23Apache Tomcat 7.0.25Apache Tomcat 7.0.16Apache Tomcat 7.0.21Apache Tomcat 7.0.18Apache Tomcat 7.0.10Apache Tomcat 7.0.11Apache Tomcat 7.0.12Apache Tomcat 7.0.8
NA
CVE-2007-3385
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
Apache Tomcat 4.1.1Apache Tomcat 4.1.10Apache Tomcat 4.1.31Apache Tomcat 4.1.36Apache Tomcat 4.1.9Apache Tomcat 5.0.14Apache Tomcat 5.0.15Apache Tomcat 5.0.22Apache Tomcat 5.0.23Apache Tomcat 5.0.30Apache Tomcat 5.0.4Apache Tomcat 5.5.1Apache Tomcat 5.5.10Apache Tomcat 5.5.17Apache Tomcat 5.5.18Apache Tomcat 5.5.3Apache Tomcat 5.5.4Apache Tomcat 6.0.1Apache Tomcat 6.0.10Apache Tomcat 6.0.5Apache Tomcat 3.3Apache Tomcat 4.1.15Apache Tomcat 4.1.2Apache Tomcat 5.0.0Apache Tomcat 5.0.1Apache Tomcat 5.0.16Apache Tomcat 5.0.17Apache Tomcat 5.0.24Apache Tomcat 5.0.25Apache Tomcat 5.0.5Apache Tomcat 5.0.6Apache Tomcat 5.5.11Apache Tomcat 5.5.12Apache Tomcat 5.5.19Apache Tomcat 5.5.2Apache Tomcat 5.5.5Apache Tomcat 5.5.6Apache Tomcat 6.0.11Apache Tomcat 6.0.12Apache Tomcat 6.0.7Apache Tomcat 6.0.8Apache Tomcat 3.3.2Apache Tomcat 4.1.0Apache Tomcat 4.1.3Apache Tomcat 5.0.12Apache Tomcat 5.0.13Apache Tomcat 5.0.2Apache Tomcat 5.0.21Apache Tomcat 5.0.28Apache Tomcat 5.0.29Apache Tomcat 5.0.3Apache Tomcat 5.0.9Apache Tomcat 5.5.0Apache Tomcat 5.5.15Apache Tomcat 5.5.16Apache Tomcat 5.5.23Apache Tomcat 5.5.24Apache Tomcat 5.5.9Apache Tomcat 6.0.0Apache Tomcat 6.0.3Apache Tomcat 3.3.1Apache Tomcat 3.3.1aApache Tomcat 4.1.24Apache Tomcat 4.1.28Apache Tomcat 5.0.10Apache Tomcat 5.0.11Apache Tomcat 5.0.18Apache Tomcat 5.0.19Apache Tomcat 5.0.26Apache Tomcat 5.0.27Apache Tomcat 5.0.7Apache Tomcat 5.0.8Apache Tomcat 5.5.13Apache Tomcat 5.5.14Apache Tomcat 5.5.20Apache Tomcat 5.5.21Apache Tomcat 5.5.22Apache Tomcat 5.5.7Apache Tomcat 5.5.8Apache Tomcat 6.0.13Apache Tomcat 6.0.2Apache Tomcat 6.0.9Apache Tomcat 6.0.4Apache Tomcat 6.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-20963CVE-2023-28626remote attackersfile inclusionCVE-2023-28447CVE-2023-27394CVE-2023-23529CVE-2023-27231XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook