16 matches found

F5 Networks
added 2023/02/21 7:2 p.m., 87 views

K58084500: Apache Tomcat 6.x vulnerabilities CVE-2016-0714

Security Advisory Description: The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute...

CVSS 8.8, AI score 8.6, EPSS 0.13075
Exploits 0, Affected Software 17

F5 Networks
added 2023/02/21 5:32 p.m., 48 views

K30971148: Apache Tomcat 6.x vulnerability CVE-2015-5174

Security Advisory Description: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in...

CVSS 4.3, AI score 6.5, EPSS 0.12555
Exploits 0, Affected Software 17

SUSE CVE
added 2023/02/15 5:45 a.m., 4 views

SUSE CVE-2012-3544

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...

CVSS 5, AI score 8.6, EPSS 0.11001
Exploits 1, References 7

OSV
added 2022/05/01 5:44 p.m., 43 views

GHSA-4PRH-GQW8-RGH5 Apache Tomcat Directory Traversal

Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) / (slash), (2) \ (backslash), and (3) URL-encoded backslash %...

CVSS 5, AI score 6.2, EPSS 0.90768
Exploits 2, References 34

Tenable Nessus
added 2018/03/06 12:0 a.m., 35 views

F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K18174924)

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

CVSS 4.3, AI score 6.8, EPSS 0.06232
Exploits 0, References 2

Tenable Nessus
added 2018/03/06 12:0 a.m., 64 views

F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K34341852)

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

CVSS 5.3, AI score 6.8, EPSS 0.1838
Exploits 0, References 2

Prion
added 2016/02/25 1:59 a.m., 24 views

Design/Logic Flaw

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

CVSS 5, AI score 6.9, EPSS 0.1838
Exploits 0, References 51, Affected Software 3

Prion
added 2016/02/25 1:59 a.m., 35 views

Directory traversal

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web...

CVSS 4, AI score 6.5, EPSS 0.12555
Exploits 0, References 47, Affected Software 3

Cvelist
added 2016/02/25 1:0 a.m., 29 views

CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended...

AI score 6.3, EPSS 0.06232
Exploits 0, References 45

UbuntuCve
added 2016/02/24 12:0 a.m., 38 views

CVE-2015-5174

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web...

CVSS 4.3, AI score 6.8, EPSS 0.12555
Exploits 0, References 3

The Hacker News
added 2012/12/05 5:45 p.m., 38 views

Apache Tomcat Multiple Critical Vulnerabilities

Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x. Apache Tomcat vulnerabilities...

CVSS 4.3, AI score 7.2, EPSS 0.11975
Exploits 3

Tenable Nessus
added 2011/08/30 12:0 a.m., 21 views

Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities

Binary data 800602.prm...

CVSS 5, AI score 5.1, EPSS 0.07243
Exploits 1, References 5

Prion
added 2010/11/26 8:0 p.m., 14 views

Default configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

CVSS 6.4, AI score 6.9, EPSS 0.02136
Exploits 0, References 1, Affected Software 1

CVE
added 2010/11/26 7:0 p.m., 72 views

CVE-2010-4312

CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...

CVSS 6.4, AI score 4.4, EPSS 0.02136
Exploits 0, References 1, Affected Software 1

NVD
added 2007/03/16 10:19 p.m., 24 views

CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

CVSS 5, AI score 6.3, EPSS 0.90768
Exploits 2, References 56

CVE
added 2007/03/16 10:0 p.m., 363 views

CVE-2007-0450

CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, \, and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...

CVSS 5, AI score 6.2, EPSS 0.90768
Exploits 2, References 56, Affected Software 2