6 matches found
Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the parseHeaders function that allows for a crafted header to cause a remote...
PT-2010-2872 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.0 through 5.5.29 Apache Tomcat versions 6.0.0 through 6.0.26 Description: The issue allows remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires either...
CVE-2009-2902
CVE-2009-2902 is a directory traversal vulnerability in Apache Tomcat, affecting 5.5.0–5.5.28 and 6.0.0–6.0.20. The issue allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename (e.g., a crafted entry like ../../... in a WAR). The connected Nessu...
JVN#30732239: Apache Tomcat allows access from a non-permitted IP address
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. Impact Impact varies depending on t...
PT-2008-4375 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.37 Apache Tomcat versions 5.5.0 through 5.5.26 Apache Tomcat versions 6.0.0 through 6.0.16 Description: The issue allows remote attackers to read arbitrary files via encoded directory traversal sequenc...
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user supplied data. This enables a cross-site scripting attack. Impact An arbitrary script could be executed on the...