tomcat vulnerabilities and exploits

(subscribe to this query)

Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote malicious users to cause a denial of service (application outage) via a crafted re...

Apache Tomcat 4.1.0 Apache Tomcat 4.1.1 Apache Tomcat 4.1.2 Apache Tomcat 4.1.3 Apache Tomcat 4.1.4 Apache Tomcat 4.1.5 Apache Tomcat 4.1.6 Apache Tomcat 4.1.7 Apache Tomcat 4.1.8 Apache Tomcat 4.1.9 Apache Tomcat 4.1.10 Apache Tomcat 4.1.11

Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when FORM authentication is used, allows remote malicious users to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pa...

Apache Tomcat 4.1.0 Apache Tomcat 4.1.1 Apache Tomcat 4.1.2 Apache Tomcat 4.1.3 Apache Tomcat 4.1.4 Apache Tomcat 4.1.5 Apache Tomcat 4.1.6 Apache Tomcat 4.1.7 Apache Tomcat 4.1.8 Apache Tomcat 4.1.9 Apache Tomcat 4.1.10 Apache Tomcat 4.1.11

1 EDB exploit

Apache Tomcat prior to 5.5.35, 6.x prior to 6.0.35, and 7.x prior to 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote malicious users to cause a denial of service (CPU consumption) by sendi...

Apache Tomcat 5.5.35 Apache Tomcat 6.0.0 Apache Tomcat 6.0.1 Apache Tomcat 6.0.2 Apache Tomcat 6.0.3 Apache Tomcat 6.0.4 Apache Tomcat 6.0.5 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.10

1 EDB exploit

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.32 allows remote malicious users to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Apache Tomcat 6.0 Apache Tomcat 6.0.0 Apache Tomcat 6.0.1 Apache Tomcat 6.0.2 Apache Tomcat 6.0.3 Apache Tomcat 6.0.4 Apache Tomcat 6.0.5 Apache Tomcat 6.0.6 Apache Tomcat 6.0.7 Apache Tomcat 6.0.8 Apache Tomcat 6.0.9 Apache Tomcat 6.0.10

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 up to and including 5.5.25 and 6.0.0 up to and including 6.0.15 does not restrict certain permissions for web applications, which allows malicious users to modify logging configuration options and ov...

Apache Tomcat 5.5.9 Apache Tomcat 5.5.10 Apache Tomcat 5.5.11 Apache Tomcat 5.5.12 Apache Tomcat 5.5.13 Apache Tomcat 5.5.14 Apache Tomcat 5.5.15 Apache Tomcat 5.5.16 Apache Tomcat 5.5.17 Apache Tomcat 5.5.18 Apache Tomcat 5.5.19 Apache Tomcat 5.5.20

Apache Tomcat 5.5.0 and 4.1.0 up to and including 4.1.31 allows remote malicious users to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable...

Apache Tomcat 4.1.0 Apache Tomcat 4.1.1 Apache Tomcat 4.1.2 Apache Tomcat 4.1.3 Apache Tomcat 4.1.4 Apache Tomcat 4.1.5 Apache Tomcat 4.1.6 Apache Tomcat 4.1.7 Apache Tomcat 4.1.8 Apache Tomcat 4.1.9 Apache Tomcat 4.1.10 Apache Tomcat 4.1.11

The default SSL cipher configuration in Apache Tomcat 4.1.28 up to and including 4.1.31, 5.0.0 up to and including 5.0.30, and 5.5.0 up to and including 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote malicious users to obtain sensitive i...

Apache Tomcat 4.1.28 Apache Tomcat 4.1.31 Apache Tomcat 5.0.0 Apache Tomcat 5.0.1 Apache Tomcat 5.0.2 Apache Tomcat 5.0.10 Apache Tomcat 5.0.11 Apache Tomcat 5.0.12 Apache Tomcat 5.0.13 Apache Tomcat 5.0.14 Apache Tomcat 5.0.15 Apache Tomcat 5.0.16

6 Github repositories

Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial...

Apache Tomcat 5.5.0 Apache Tomcat 5.5.1 Apache Tomcat 5.5.2 Apache Tomcat 5.5.3 Apache Tomcat 5.5.4 Apache Tomcat 5.5.5 Apache Tomcat 5.5.6 Apache Tomcat 5.5.7 Apache Tomcat 5.5.8 Apache Tomcat 5.5.9 Apache Tomcat 5.5.10 Apache Tomcat 5.5.11

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 up to and including 7.0.20, 6.0.0 up to and including 6.0.33, 5.5.0 up to and including 5.5.33, and possibly other versions allow remote malicious users to spoof AJP requests, bypass authentication, and obtain ...

Apache Tomcat 7.0.0 Apache Tomcat 7.0.1 Apache Tomcat 7.0.2 Apache Tomcat 7.0.3 Apache Tomcat 7.0.4 Apache Tomcat 7.0.5 Apache Tomcat 7.0.6 Apache Tomcat 7.0.7 Apache Tomcat 7.0.8 Apache Tomcat 7.0.9 Apache Tomcat 7.0.10 Apache Tomcat 7.0.11

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable se...

Apache Tomcat 3.3 Apache Tomcat 3.3.1 Apache Tomcat 3.3.1a Apache Tomcat 3.3.2 Apache Tomcat 4.1.0 Apache Tomcat 4.1.1 Apache Tomcat 4.1.2 Apache Tomcat 4.1.3 Apache Tomcat 4.1.9 Apache Tomcat 4.1.10 Apache Tomcat 4.1.15 Apache Tomcat 4.1.24

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook