tomcat vulnerabilities and exploits

(subscribe to this query)

NA

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request...

Apache Tomcat 6.0.2 Apache Tomcat 6.0.7 Apache Tomcat 6.0.11 Apache Tomcat 6.0.12 Apache Tomcat 6.0.20 Apache Tomcat 6.0.24 Apache Tomcat 6.0.32 Apache Tomcat 6.0.33 Apache Tomcat 7.0.0 Apache Tomcat 7.0.1 Apache Tomcat 7.0.17 Apache Tomcat 7.0.18 Apache Tomcat 7.0.23 Apache Tomcat 7.0.24 Apache Tomcat 7.0.30 Apache Tomcat 7.0.31 Apache Tomcat 7.0.32 Apache Tomcat 7.0.39 Apache Tomcat 7.0.4 Apache Tomcat 7.0.45 Apache Tomcat 7.0.46 Apache Tomcat 7.0.53 Apache Tomcat 7.0.54 Apache Tomcat 7.0.6 Apache Tomcat 8.0.0 Apache Tomcat 8.0.1 Apache Tomcat 6.0.0 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.5 Apache Tomcat 6.0.4 Apache Tomcat 6.0.15 Apache Tomcat 6.0.16 Apache Tomcat 6.0.17 Apache Tomcat 6.0.28 Apache Tomcat 6.0.29 Apache Tomcat 6.0.37 Apache Tomcat 6.0.39 Apache Tomcat 7.0.13 Apache Tomcat 7.0.14 Apache Tomcat 7.0.2 Apache Tomcat 7.0.20 Apache Tomcat 7.0.27 Apache Tomcat 7.0.28 Apache Tomcat 7.0.35 Apache Tomcat 7.0.36 Apache Tomcat 7.0.41 Apache Tomcat 7.0.42 Apache Tomcat 7.0.49 Apache Tomcat 7.0.5 Apache Tomcat 7.0.9 Apache Tomcat 8.0.8 Apache Tomcat 6.0.1 Apache Tomcat 6.0.10 Apache Tomcat 6.0.18 Apache Tomcat 6.0.19 Apache Tomcat 6.0.30 Apache Tomcat 6.0.31 Apache Tomcat 6.0.41 Apache Tomcat 7.0.15 Apache Tomcat 7.0.16 Apache Tomcat 7.0.21 Apache Tomcat 7.0.22 Apache Tomcat 7.0.29 Apache Tomcat 7.0.3 Apache Tomcat 7.0.37 Apache Tomcat 7.0.38 Apache Tomcat 7.0.43 Apache Tomcat 7.0.44 Apache Tomcat 7.0.50 Apache Tomcat 7.0.52 Apache Tomcat 6.0.3 Apache Tomcat 6.0.6 Apache Tomcat 6.0.13 Apache Tomcat 6.0.14 Apache Tomcat 6.0.26 Apache Tomcat 6.0.27 Apache Tomcat 6.0.35 Apache Tomcat 6.0.36 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.12 Apache Tomcat 7.0.19 Apache Tomcat 7.0.25 Apache Tomcat 7.0.26 Apache Tomcat 7.0.33 Apache Tomcat 7.0.34 Apache Tomcat 7.0.40 Apache Tomcat 7.0.47 Apache Tomcat 7.0.48 Apache Tomcat 7.0.7 Apache Tomcat 7.0.8 Apache Tomcat 8.0.3 Apache Tomcat 8.0.5

NA

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary...

Apache Tomcat 4.0.2 Apache Tomcat 4.0.3 Apache Tomcat 5.0.12 Apache Tomcat 5.0.13 Apache Tomcat 5.0.2 Apache Tomcat 5.0.21 Apache Tomcat 5.0.29 Apache Tomcat 5.0.3 Apache Tomcat 5.0.9 Apache Tomcat 5.5.0 Apache Tomcat 5.5.15 Apache Tomcat 5.5.16 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 6.0.1 Apache Tomcat 6.0.10 Apache Tomcat 6.0.5 Apache Tomcat 6.0.6 Apache Tomcat 4.0.4 Apache Tomcat 4.0.5 Apache Tomcat 5.0.14 Apache Tomcat 5.0.15 Apache Tomcat 5.0.22 Apache Tomcat 5.0.23 Apache Tomcat 5.0.30 Apache Tomcat 5.0.4 Apache Tomcat 5.5.1 Apache Tomcat 5.5.10 Apache Tomcat 5.5.17 Apache Tomcat 5.5.18 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6 Apache Tomcat 6.0.11 Apache Tomcat 6.0.12 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat Apache Tomcat 4.0.0 Apache Tomcat 4.0.1 Apache Tomcat 5.0.10 Apache Tomcat 5.0.11 Apache Tomcat 5.0.18 Apache Tomcat 5.0.19 Apache Tomcat 5.0.26 Apache Tomcat 5.0.27 Apache Tomcat 5.0.28 Apache Tomcat 5.0.7 Apache Tomcat 5.0.8 Apache Tomcat 5.5.13 Apache Tomcat 5.5.14 Apache Tomcat 5.5.21 Apache Tomcat 5.5.22 Apache Tomcat 5.5.9 Apache Tomcat 6.0.0 Apache Tomcat 6.0.3 Apache Tomcat 6.0.4 Apache Tomcat 5.0.0 Apache Tomcat 5.0.1 Apache Tomcat 5.0.16 Apache Tomcat 5.0.17 Apache Tomcat 5.0.24 Apache Tomcat 5.0.25 Apache Tomcat 5.0.5 Apache Tomcat 5.0.6 Apache Tomcat 5.5.11 Apache Tomcat 5.5.12 Apache Tomcat 5.5.19 Apache Tomcat 5.5.2 Apache Tomcat 5.5.20 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 6.0.13 Apache Tomcat 6.0.21 EDB exploit available

NA

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action....

4.3

CVSSv3

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass...

Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 15.10 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Debian Debian Linux 8.0 Debian Debian Linux 7.0 Apache Tomcat 8.0.27 Apache Tomcat 7.0.67 Apache Tomcat 7.0.65 Apache Tomcat 8.0.18 Apache Tomcat 8.0.17 Apache Tomcat 8.0.0 Apache Tomcat 7.0.59 Apache Tomcat 7.0.57 Apache Tomcat 7.0.56 Apache Tomcat 7.0.47 Apache Tomcat 7.0.42 Apache Tomcat 7.0.34 Apache Tomcat 7.0.33 Apache Tomcat 7.0.23 Apache Tomcat 7.0.22 Apache Tomcat 7.0.12 Apache Tomcat 7.0.11 Apache Tomcat 6.0.4 Apache Tomcat 6.0.39 Apache Tomcat 6.0.28 Apache Tomcat 6.0.26 Apache Tomcat 6.0.16 Apache Tomcat 6.0.14 Apache Tomcat 6.0.0 Apache Tomcat 8.0.29 Apache Tomcat 8.0.28 Apache Tomcat 8.0.21 Apache Tomcat 8.0.20 Apache Tomcat 8.0.1 Apache Tomcat 7.0.61 Apache Tomcat 7.0.6 Apache Tomcat 7.0.50 Apache Tomcat 7.0.5 Apache Tomcat 7.0.37 Apache Tomcat 7.0.35 Apache Tomcat 7.0.27 Apache Tomcat 7.0.26 Apache Tomcat 7.0.25 Apache Tomcat 7.0.16 Apache Tomcat 7.0.14 Apache Tomcat 6.0.41 Apache Tomcat 6.0.30 Apache Tomcat 6.0.29 Apache Tomcat 6.0.2 Apache Tomcat 6.0.18 Apache Tomcat 6.0.1 Apache Tomcat 8.0.30 Apache Tomcat 8.0.3 Apache Tomcat 8.0.23 Apache Tomcat 8.0.22 Apache Tomcat 8.0.12 Apache Tomcat 8.0.11 Apache Tomcat 7.0.63 Apache Tomcat 7.0.62 Apache Tomcat 7.0.53 Apache Tomcat 7.0.52 Apache Tomcat 7.0.4 Apache Tomcat 7.0.39 Apache Tomcat 7.0.29 Apache Tomcat 7.0.28 Apache Tomcat 7.0.2 Apache Tomcat 7.0.19 Apache Tomcat 6.0.44 Apache Tomcat 6.0.43 Apache Tomcat 6.0.35 Apache Tomcat 6.0.33 Apache Tomcat 6.0.32 Apache Tomcat 6.0.10 Apache Tomcat 9.0.0 Apache Tomcat 8.0.26 Apache Tomcat 8.0.24 Apache Tomcat 8.0.15 Apache Tomcat 8.0.14 Apache Tomcat 7.0.64 Apache Tomcat 7.0.55 Apache Tomcat 7.0.54 Apache Tomcat 7.0.41 Apache Tomcat 7.0.40 Apache Tomcat 7.0.32 Apache Tomcat 7.0.30 Apache Tomcat 7.0.21 Apache Tomcat 7.0.20 Apache Tomcat 7.0.10 Apache Tomcat 7.0.0 Apache Tomcat 6.0.37 Apache Tomcat 6.0.36 Apache Tomcat 6.0.24 Apache Tomcat 6.0.20 Apache Tomcat 6.0.13 Apache Tomcat 6.0.11

NA

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote...

NA

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add....

7.5

CVSSv3

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These...

Apache Tomcat 8.5.1 Apache Tomcat 8.5.2 Apache Tomcat 8.5.10 Apache Tomcat 8.5.11 Apache Tomcat 8.5.5 Apache Tomcat 8.5.6 Apache Tomcat 8.5.7 Apache Tomcat 8.5.8 Apache Tomcat 8.5.9 Apache Tomcat 8.5.3 Apache Tomcat 8.5.4 Apache Tomcat 8.5.12 Apache Tomcat 8.5.0 Apache Tomcat 9.0.01 Github repository available

8.1

CVSSv3

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by...

Apache Tomcat 8.0.29 Apache Tomcat 8.0.28 Apache Tomcat 8.0.11 Apache Tomcat 8.0.12 Apache Tomcat 8.0.23 Apache Tomcat 8.0.24 Apache Tomcat 7.0.14 Apache Tomcat 7.0.16 Apache Tomcat 7.0.25 Apache Tomcat 7.0.26 Apache Tomcat 7.0.35 Apache Tomcat 7.0.37 Apache Tomcat 7.0.5 Apache Tomcat 7.0.50 Apache Tomcat 7.0.59 Apache Tomcat 7.0.6 Apache Tomcat 8.0.27 Apache Tomcat 8.0.0 Apache Tomcat 8.0.14 Apache Tomcat 8.0.15 Apache Tomcat 8.0.26 Apache Tomcat 7.0.65 Apache Tomcat 7.0.19 Apache Tomcat 7.0.2 Apache Tomcat 7.0.27 Apache Tomcat 7.0.28 Apache Tomcat 7.0.39 Apache Tomcat 7.0.4 Apache Tomcat 7.0.52 Apache Tomcat 7.0.53 Apache Tomcat 7.0.61 Apache Tomcat 7.0.62 Apache Tomcat 7.0.63 Apache Tomcat 8.0.17 Apache Tomcat 8.0.18 Apache Tomcat 7.0.0 Apache Tomcat 7.0.10 Apache Tomcat 7.0.20 Apache Tomcat 7.0.21 Apache Tomcat 7.0.29 Apache Tomcat 7.0.30 Apache Tomcat 7.0.32 Apache Tomcat 7.0.40 Apache Tomcat 7.0.41 Apache Tomcat 7.0.54 Apache Tomcat 7.0.55 Apache Tomcat 7.0.64 Apache Tomcat 9.0.0 Apache Tomcat 8.0.3 Apache Tomcat 8.0.1 Apache Tomcat 8.0.20 Apache Tomcat 8.0.21 Apache Tomcat 8.0.22 Apache Tomcat 7.0.11 Apache Tomcat 7.0.12 Apache Tomcat 7.0.22 Apache Tomcat 7.0.23 Apache Tomcat 7.0.33 Apache Tomcat 7.0.34 Apache Tomcat 7.0.42 Apache Tomcat 7.0.47 Apache Tomcat 7.0.56 Apache Tomcat 7.0.57 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 15.10 Debian Debian Linux 8.0 Debian Debian Linux 7.0

NA

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files....

Apache Tomcat 5.5.2 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 5.5.10 Apache Tomcat 5.5.11 Apache Tomcat 5.5.9 Apache Tomcat 5.5.0 Apache Tomcat 5.5.1 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6

Get Started

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook