25 matches found
DEBIAN-CVE-2024-54677
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. The following versions were EOL at...
Fixed in Apache Tomcat 11.0.2
Important: Remote Code Execution via write enabled Default Servlet. Mitigation for CVE-2024-50379 was incomplete - CVE-2024-56337 The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users running Tomcat on a case insensitive file system with the...
Fixed in Apache Tomcat 9.0.98
Important: Remote Code Execution via write enabled Default Servlet. Mitigation for CVE-2024-50379 was incomplete - CVE-2024-56337 The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 9.0.98 or later, users running Tomcat on a case insensitive file system with the...
Fixed in Apache Tomcat 8.5.82
Low: Apache Tomcat XSS in examples web application CVE-2022-34305 The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. This was fixed with commit 5f6c88b0. This issue was reported to the Apache Tomcat Securit...
Fixed in Apache Tomcat 10.0.23
Low: Apache Tomcat XSS in examples web application CVE-2022-34305 The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. This was fixed with commit 1a7e95d9. This issue was reported to the Apache Tomcat Securit...
Apache Tomcat 8.5.50 < 8.5.82 Cross-Site Scripting
The version of Apache Tomcat installed on the remote host is 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22 or 10.1.0-M1 to 10.1.0-M16. It is, therefore, affected by a Cross-Site Scripting XSS vulnerability. The Form authentication example in the examples web application displayed user...
GHSA-6J88-6WHG-X687 Cross-site Scripting in Apache Tomcat
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
DEBIAN-CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
Cross site scripting
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
CVE-2022-34305 XSS in examples web application
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
Apache Tomcat 9.0.30 < 9.0.65
The version of Tomcat installed on the remote host is prior to 9.0.65. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.65security-9 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form...
Tomcat -- XSS in examples web application
Apache Tomcat reports: The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...
GHSA-HC39-RJWP-QFFQ Apache Tomcat XSS Vulnerabilities in Examples Web Application
Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...
Apache Tomcat XSS Vulnerabilities in Examples Web Application
Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...
[SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0781: Apache Tomcat cross-site scripting vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 Description: The calendar application in the...
tomcat examples jsp XSS
Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
Low: Cross-site scripting CVE-2007-2449 JSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note...