Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

The vulnerability of the Apache Tomcat software allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.

🗓️ 06 Jul 2016 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Apache Tomcat Unrestricted File Upload with outdated code and non standard management enables remote code execution via JSP upload, risking confidentiality, integrity, and availability.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
26 Mar 202503:33
ibm
IBM Security Bulletins		Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
16 Jun 202221:33
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Tomcat affect Power Hardware Management Console (CVE-2013-4444, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227)
23 Sep 202101:31
ibm
IBM Security Bulletins		Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
6 Oct 202114:56
ibm
IBM Security Bulletins		Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM RLKS Administration and Reporting Tool
17 Jun 201805:09
ibm
IBM Security Bulletins		Security Bulletin: Security vulnerability about Apache Tomcat JSP file upload in WebSphere Application Server Community Edition 3.0.0.4
15 Jun 201807:02
ibm
IBM Security Bulletins		Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4444)
17 Jun 201804:57
ibm
Tenable Nessus		Apache Tomcat 7.0.x < 7.0.40 Multiple Vulnerabilities
20 May 201300:00
nessus
Tenable Nessus		Debian DSA-3447-1 : tomcat7 - security update
19 Jan 201600:00
nessus
Tenable Nessus		Apache Tomcat 7.0.0 < 7.0.40 multiple vulnerabilities
15 May 201300:00
nessus
Rows per page
Vulners
Node
apachetomcatRange7.0.07.0.40

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Nov 2016 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 26.8
EPSS0.1399
apache tomcatunrestricted file uploadoutdated codenon standard managementjsp uploadremote executionconfidentiality integrity availability
1