tomcat vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to...

Apache Tomcat 5.5.1 Apache Tomcat 5.5.28 Apache Tomcat 5.5.27 Apache Tomcat 5.5.5 Apache Tomcat 5.5.4 Apache Tomcat 5.5.13 Apache Tomcat 5.5.14 Apache Tomcat 5.5.25 Apache Tomcat 5.5.10 Apache Tomcat 5.5.34 Apache Tomcat 5.5.6 Apache Tomcat 5.5.15 Apache Tomcat 5.5.16 Apache Tomcat 5.5.22 Apache Tomcat 5.5.23 Apache Tomcat 5.5.26 Apache Tomcat 5.5.32 Apache Tomcat 5.5.20 Apache Tomcat 5.5.9 Apache Tomcat 5.5.8 Apache Tomcat 5.5.29 Apache Tomcat 5.5.31 Apache Tomcat 5.5.11 Apache Tomcat 5.5.12 Apache Tomcat 5.5.21 Apache Tomcat 5.5.19 Apache Tomcat 5.5.30 Apache Tomcat 5.5.0 Apache Tomcat 5.5.33 Apache Tomcat 5.5.7 Apache Tomcat 5.5.17 Apache Tomcat 5.5.18 Apache Tomcat 5.5.24 Apache Tomcat 5.5.3 Apache Tomcat 5.5.2 Apache Tomcat 5.5.35 Apache Tomcat 6.0.15 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.28 Apache Tomcat 6.0.2 Apache Tomcat 6.0.0 Apache Tomcat 6.0.5 Apache Tomcat 6.0.24 Apache Tomcat 6.0.13 Apache Tomcat 6.0.35 Apache Tomcat 6.0.30 Apache Tomcat 6.0 Apache Tomcat 6.0.7 Apache Tomcat 6.0.1 Apache Tomcat 6.0.4 Apache Tomcat 6.0.27 Apache Tomcat 6.0.31 Apache Tomcat 6.0.12 Apache Tomcat 6.0.14 Apache Tomcat 6.0.6 Apache Tomcat 6.0.29 Apache Tomcat 6.0.17 Apache Tomcat 6.0.3 Apache Tomcat 6.0.26 Apache Tomcat 6.0.11 Apache Tomcat 6.0.10 Apache Tomcat 6.0.33 Apache Tomcat 6.0.18 Apache Tomcat 6.0.32 Apache Tomcat 6.0.20 Apache Tomcat 6.0.19 Apache Tomcat 6.0.16 Apache Tomcat 7.0.23 Apache Tomcat 7.0.2 Apache Tomcat 7.0.0 Apache Tomcat 7.0.7 Apache Tomcat 7.0.19 Apache Tomcat 7.0.13 Apache Tomcat 7.0.5 Apache Tomcat 7.0.1 Apache Tomcat 7.0.20 Apache Tomcat 7.0.4 Apache Tomcat 7.0.22 Apache Tomcat 7.0.9 Apache Tomcat 7.0.6 Apache Tomcat 7.0.21 Apache Tomcat 7.0.17 Apache Tomcat 7.0.14 Apache Tomcat 7.0.3 Apache Tomcat 7.0.12 Apache Tomcat 7.0.8 Apache Tomcat 7.0.28 Apache Tomcat 7.0.18 Apache Tomcat 7.0.15 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.25 Apache Tomcat 7.0.16

6.4

CVSSv2

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request...

Apache Tomcat 6.0.2 Apache Tomcat 6.0.7 Apache Tomcat 6.0.11 Apache Tomcat 6.0.12 Apache Tomcat 6.0.20 Apache Tomcat 6.0.24 Apache Tomcat 6.0.32 Apache Tomcat 6.0.33 Apache Tomcat 7.0.0 Apache Tomcat 7.0.1 Apache Tomcat 7.0.17 Apache Tomcat 7.0.18 Apache Tomcat 7.0.23 Apache Tomcat 7.0.24 Apache Tomcat 7.0.30 Apache Tomcat 7.0.31 Apache Tomcat 7.0.32 Apache Tomcat 7.0.39 Apache Tomcat 7.0.4 Apache Tomcat 7.0.45 Apache Tomcat 7.0.46 Apache Tomcat 7.0.53 Apache Tomcat 7.0.54 Apache Tomcat 7.0.6 Apache Tomcat 8.0.0 Apache Tomcat 8.0.1 Apache Tomcat 6.0.0 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat 6.0.5 Apache Tomcat 6.0.4 Apache Tomcat 6.0.15 Apache Tomcat 6.0.16 Apache Tomcat 6.0.17 Apache Tomcat 6.0.28 Apache Tomcat 6.0.29 Apache Tomcat 6.0.37 Apache Tomcat 6.0.39 Apache Tomcat 7.0.13 Apache Tomcat 7.0.14 Apache Tomcat 7.0.2 Apache Tomcat 7.0.20 Apache Tomcat 7.0.27 Apache Tomcat 7.0.28 Apache Tomcat 7.0.35 Apache Tomcat 7.0.36 Apache Tomcat 7.0.41 Apache Tomcat 7.0.42 Apache Tomcat 7.0.49 Apache Tomcat 7.0.5 Apache Tomcat 7.0.9 Apache Tomcat 8.0.8 Apache Tomcat 6.0.1 Apache Tomcat 6.0.10 Apache Tomcat 6.0.18 Apache Tomcat 6.0.19 Apache Tomcat 6.0.30 Apache Tomcat 6.0.31 Apache Tomcat 6.0.41 Apache Tomcat 7.0.15 Apache Tomcat 7.0.16 Apache Tomcat 7.0.21 Apache Tomcat 7.0.22 Apache Tomcat 7.0.29 Apache Tomcat 7.0.3 Apache Tomcat 7.0.37 Apache Tomcat 7.0.38 Apache Tomcat 7.0.43 Apache Tomcat 7.0.44 Apache Tomcat 7.0.50 Apache Tomcat 7.0.52 Apache Tomcat 6.0.3 Apache Tomcat 6.0.6 Apache Tomcat 6.0.13 Apache Tomcat 6.0.14 Apache Tomcat 6.0.26 Apache Tomcat 6.0.27 Apache Tomcat 6.0.35 Apache Tomcat 6.0.36 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11 Apache Tomcat 7.0.12 Apache Tomcat 7.0.19 Apache Tomcat 7.0.25 Apache Tomcat 7.0.26 Apache Tomcat 7.0.33 Apache Tomcat 7.0.34 Apache Tomcat 7.0.40 Apache Tomcat 7.0.47 Apache Tomcat 7.0.48 Apache Tomcat 7.0.7 Apache Tomcat 7.0.8 Apache Tomcat 8.0.3 Apache Tomcat 8.0.5

4.3

CVSSv2

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary...

Apache Tomcat 4.0.2 Apache Tomcat 4.0.3 Apache Tomcat 5.0.12 Apache Tomcat 5.0.13 Apache Tomcat 5.0.2 Apache Tomcat 5.0.21 Apache Tomcat 5.0.29 Apache Tomcat 5.0.3 Apache Tomcat 5.0.9 Apache Tomcat 5.5.0 Apache Tomcat 5.5.15 Apache Tomcat 5.5.16 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 6.0.1 Apache Tomcat 6.0.10 Apache Tomcat 6.0.5 Apache Tomcat 6.0.6 Apache Tomcat 4.0.4 Apache Tomcat 4.0.5 Apache Tomcat 5.0.14 Apache Tomcat 5.0.15 Apache Tomcat 5.0.22 Apache Tomcat 5.0.23 Apache Tomcat 5.0.30 Apache Tomcat 5.0.4 Apache Tomcat 5.5.1 Apache Tomcat 5.5.10 Apache Tomcat 5.5.17 Apache Tomcat 5.5.18 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6 Apache Tomcat 6.0.11 Apache Tomcat 6.0.12 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat Apache Tomcat 4.0.0 Apache Tomcat 4.0.1 Apache Tomcat 5.0.10 Apache Tomcat 5.0.11 Apache Tomcat 5.0.18 Apache Tomcat 5.0.19 Apache Tomcat 5.0.26 Apache Tomcat 5.0.27 Apache Tomcat 5.0.28 Apache Tomcat 5.0.7 Apache Tomcat 5.0.8 Apache Tomcat 5.5.13 Apache Tomcat 5.5.14 Apache Tomcat 5.5.21 Apache Tomcat 5.5.22 Apache Tomcat 5.5.9 Apache Tomcat 6.0.0 Apache Tomcat 6.0.3 Apache Tomcat 6.0.4 Apache Tomcat 5.0.0 Apache Tomcat 5.0.1 Apache Tomcat 5.0.16 Apache Tomcat 5.0.17 Apache Tomcat 5.0.24 Apache Tomcat 5.0.25 Apache Tomcat 5.0.5 Apache Tomcat 5.0.6 Apache Tomcat 5.5.11 Apache Tomcat 5.5.12 Apache Tomcat 5.5.19 Apache Tomcat 5.5.2 Apache Tomcat 5.5.20 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 6.0.13 Apache Tomcat 6.0.21 EDB exploit available

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action....

4

CVSSv2

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass...

Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 15.10 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Debian Debian Linux 8.0 Debian Debian Linux 7.0 Apache Tomcat 8.0.27 Apache Tomcat 7.0.67 Apache Tomcat 7.0.65 Apache Tomcat 8.0.18 Apache Tomcat 8.0.17 Apache Tomcat 8.0.0 Apache Tomcat 7.0.59 Apache Tomcat 7.0.57 Apache Tomcat 7.0.56 Apache Tomcat 7.0.47 Apache Tomcat 7.0.42 Apache Tomcat 7.0.34 Apache Tomcat 7.0.33 Apache Tomcat 7.0.23 Apache Tomcat 7.0.22 Apache Tomcat 7.0.12 Apache Tomcat 7.0.11 Apache Tomcat 6.0.4 Apache Tomcat 6.0.39 Apache Tomcat 6.0.28 Apache Tomcat 6.0.26 Apache Tomcat 6.0.16 Apache Tomcat 6.0.14 Apache Tomcat 6.0.0 Apache Tomcat 8.0.29 Apache Tomcat 8.0.28 Apache Tomcat 8.0.21 Apache Tomcat 8.0.20 Apache Tomcat 8.0.1 Apache Tomcat 7.0.61 Apache Tomcat 7.0.6 Apache Tomcat 7.0.50 Apache Tomcat 7.0.5 Apache Tomcat 7.0.37 Apache Tomcat 7.0.35 Apache Tomcat 7.0.27 Apache Tomcat 7.0.26 Apache Tomcat 7.0.25 Apache Tomcat 7.0.16 Apache Tomcat 7.0.14 Apache Tomcat 6.0.41 Apache Tomcat 6.0.30 Apache Tomcat 6.0.29 Apache Tomcat 6.0.2 Apache Tomcat 6.0.18 Apache Tomcat 6.0.1 Apache Tomcat 8.0.30 Apache Tomcat 8.0.3 Apache Tomcat 8.0.23 Apache Tomcat 8.0.22 Apache Tomcat 8.0.12 Apache Tomcat 8.0.11 Apache Tomcat 7.0.63 Apache Tomcat 7.0.62 Apache Tomcat 7.0.53 Apache Tomcat 7.0.52 Apache Tomcat 7.0.4 Apache Tomcat 7.0.39 Apache Tomcat 7.0.29 Apache Tomcat 7.0.28 Apache Tomcat 7.0.2 Apache Tomcat 7.0.19 Apache Tomcat 6.0.44 Apache Tomcat 6.0.43 Apache Tomcat 6.0.35 Apache Tomcat 6.0.33 Apache Tomcat 6.0.32 Apache Tomcat 6.0.10 Apache Tomcat 9.0.0 Apache Tomcat 8.0.26 Apache Tomcat 8.0.24 Apache Tomcat 8.0.15 Apache Tomcat 8.0.14 Apache Tomcat 7.0.64 Apache Tomcat 7.0.55 Apache Tomcat 7.0.54 Apache Tomcat 7.0.41 Apache Tomcat 7.0.40 Apache Tomcat 7.0.32 Apache Tomcat 7.0.30 Apache Tomcat 7.0.21 Apache Tomcat 7.0.20 Apache Tomcat 7.0.10 Apache Tomcat 7.0.0 Apache Tomcat 6.0.37 Apache Tomcat 6.0.36 Apache Tomcat 6.0.24 Apache Tomcat 6.0.20 Apache Tomcat 6.0.13 Apache Tomcat 6.0.11

6.8

CVSSv2

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote...

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add....

6.8

CVSSv2

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by...

Apache Tomcat 8.0.29 Apache Tomcat 8.0.28 Apache Tomcat 8.0.11 Apache Tomcat 8.0.12 Apache Tomcat 8.0.23 Apache Tomcat 8.0.24 Apache Tomcat 7.0.14 Apache Tomcat 7.0.16 Apache Tomcat 7.0.25 Apache Tomcat 7.0.26 Apache Tomcat 7.0.35 Apache Tomcat 7.0.37 Apache Tomcat 7.0.5 Apache Tomcat 7.0.50 Apache Tomcat 7.0.59 Apache Tomcat 7.0.6 Apache Tomcat 8.0.27 Apache Tomcat 8.0.0 Apache Tomcat 8.0.14 Apache Tomcat 8.0.15 Apache Tomcat 8.0.26 Apache Tomcat 7.0.65 Apache Tomcat 7.0.19 Apache Tomcat 7.0.2 Apache Tomcat 7.0.27 Apache Tomcat 7.0.28 Apache Tomcat 7.0.39 Apache Tomcat 7.0.4 Apache Tomcat 7.0.52 Apache Tomcat 7.0.53 Apache Tomcat 7.0.61 Apache Tomcat 7.0.62 Apache Tomcat 7.0.63 Apache Tomcat 8.0.17 Apache Tomcat 8.0.18 Apache Tomcat 7.0.0 Apache Tomcat 7.0.10 Apache Tomcat 7.0.20 Apache Tomcat 7.0.21 Apache Tomcat 7.0.29 Apache Tomcat 7.0.30 Apache Tomcat 7.0.32 Apache Tomcat 7.0.40 Apache Tomcat 7.0.41 Apache Tomcat 7.0.54 Apache Tomcat 7.0.55 Apache Tomcat 7.0.64 Apache Tomcat 9.0.0 Apache Tomcat 8.0.3 Apache Tomcat 8.0.1 Apache Tomcat 8.0.20 Apache Tomcat 8.0.21 Apache Tomcat 8.0.22 Apache Tomcat 7.0.11 Apache Tomcat 7.0.12 Apache Tomcat 7.0.22 Apache Tomcat 7.0.23 Apache Tomcat 7.0.33 Apache Tomcat 7.0.34 Apache Tomcat 7.0.42 Apache Tomcat 7.0.47 Apache Tomcat 7.0.56 Apache Tomcat 7.0.57 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 15.10 Debian Debian Linux 8.0 Debian Debian Linux 7.0

5

CVSSv2

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These...

Apache Tomcat 8.5.1 Apache Tomcat 8.5.2 Apache Tomcat 8.5.10 Apache Tomcat 8.5.11 Apache Tomcat 8.5.5 Apache Tomcat 8.5.6 Apache Tomcat 8.5.7 Apache Tomcat 8.5.8 Apache Tomcat 8.5.9 Apache Tomcat 8.5.3 Apache Tomcat 8.5.4 Apache Tomcat 8.5.12 Apache Tomcat 8.5.0 Apache Tomcat 9.0.01 Github repository available

Get Started

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook