262 matches found
Apache Tomcat fails to properly handle cookies containing single quotes
Overview Apache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter...
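The following is an added illustration, not Tomcat's code and not taken from the advisory above: a hypothetical cookie parser that gives a single quote delimiter status, next to an RFC 6265-style parser that only splits on ';'. The constructed Cookie header, the cookie names and the parser functions are all assumptions made for the example. It shows why a quote in an attacker-influenced cookie value can fold the session cookie into another cookie's value, which is the kind of mis-attribution that turns into session disclosure when an application echoes that value back.

```python
"""Added example (not Apache Tomcat's implementation): contrast a cookie
parser that treats a single quote as a delimiter with a strict one."""

from typing import Dict


def parse_cookies_lenient(header: str) -> Dict[str, str]:
    """Hypothetical faulty parser, modelled on the behaviour described in
    the advisory: a value starting with a single quote is read as quoted
    and runs to the next single quote (or end of header), so ';' inside
    the quotes stops acting as a cookie separator."""
    cookies: Dict[str, str] = {}
    i, n = 0, len(header)
    while i < n:
        while i < n and header[i] in " ;":   # skip separators
            i += 1
        if i >= n:
            break
        eq = header.find("=", i)
        if eq == -1:
            break
        name = header[i:eq].strip()
        j = eq + 1
        if j < n and header[j] == "'":
            end = header.find("'", j + 1)
            if end == -1:
                end = n
            value = header[j + 1:end]         # everything up to the closing quote
            i = end + 1
        else:
            end = header.find(";", j)
            if end == -1:
                end = n
            value = header[j:end].strip()
            i = end
        cookies[name] = value
    return cookies


def parse_cookies_strict(header: str) -> Dict[str, str]:
    """RFC 6265-style parser: ';' is the only separator and a single quote
    is ordinary value text."""
    cookies: Dict[str, str] = {}
    for pair in header.split(";"):
        pair = pair.strip()
        if not pair or "=" not in pair:
            continue
        name, _, value = pair.partition("=")
        cookies[name.strip()] = value.strip()
    return cookies


def session_id_leaks(header: str, session_cookie: str = "JSESSIONID") -> bool:
    """True when the lenient parser folds the real session ID into some
    other cookie's value, i.e. a value an application may reflect."""
    real = parse_cookies_strict(header).get(session_cookie)
    if real is None:
        return False
    lenient = parse_cookies_lenient(header)
    return any(name != session_cookie and real in value
               for name, value in lenient.items())


# Constructed sample header (assumption): an attacker-influenced "theme"
# cookie carrying a single quote precedes the session cookie.
SAMPLE_HEADER = "theme='dark; JSESSIONID=0123456789ABCDEF; lang=en"

if __name__ == "__main__":
    print("strict :", parse_cookies_strict(SAMPLE_HEADER))
    print("lenient:", parse_cookies_lenient(SAMPLE_HEADER))
    print("session ID folded into another cookie:", session_id_leaks(SAMPLE_HEADER))
```

With the sample header the strict parser returns JSESSIONID as its own cookie, while the lenient parser returns a single "theme" cookie whose value contains the session ID. The practical check is the same either way: never reflect a raw cookie value into a response, and treat the session cookie as opaque server-side state rather than something parsed alongside user-controlled cookies.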
Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
Overview The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat includes a sample page called SendMailServlet,...
JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user'...
Important: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix multiple security issues are now available for Red Hat Application Server. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomca...
Hacking AJAX DWR Applications
By Guy Karlebach & Amichai Shulman Introduction The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them require a careful examination of potential vulnerabilities. DWR i...
SOL5790 - Security Advisory: Apache JServ Protocol vulnerability - JVN#79314822
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. Information about this advisory is available at the following location:...
AJP Connector Detection
The remote host is running an AJP (Apache JServ Protocol) connector, a service by which a standalone web server such as Apache communicates over TCP with a Java servlet container such as Tomcat. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(21186); script_version("1.11");...
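As an added example, independent of the Tenable plugin quoted above and not its code, here is the probe such a detection performs: the web-server side of AJP13 sends a CPing packet (magic 0x12 0x34, two-byte length, prefix code 10) and a live connector answers with a CPong (magic "AB", two-byte length, prefix code 9). The host, port and the constructed reply bytes are assumptions for the example; the packet format is the standard AJP13 framing.

```python
"""Added example (not Tenable's plugin): AJP13 CPing/CPong connector probe."""

import socket
import struct
from typing import Optional, Tuple

AJP_CPING = 10   # prefix code: web server -> container "are you alive?"
AJP_CPONG = 9    # prefix code: container -> web server reply


def build_cping() -> bytes:
    """Web server -> container packet: magic 0x12 0x34, big-endian length, payload."""
    payload = bytes([AJP_CPING])
    return b"\x12\x34" + struct.pack(">H", len(payload)) + payload


def parse_container_packet(data: bytes) -> Optional[Tuple[int, bytes]]:
    """Parse a container -> web server packet (magic 'AB', length, payload).
    Returns (prefix_code, rest_of_payload) or None when framing is wrong
    or the payload is truncated."""
    if len(data) < 5 or data[:2] != b"AB":
        return None
    length = struct.unpack(">H", data[2:4])[0]
    payload = data[4:4 + length]
    if length == 0 or len(payload) != length:
        return None
    return payload[0], payload[1:]


def is_cpong(data: bytes) -> bool:
    """True only for a well-framed container packet whose prefix is CPong."""
    parsed = parse_container_packet(data)
    return parsed is not None and parsed[0] == AJP_CPONG


def probe_ajp(host: str, port: int = 8009, timeout: float = 3.0) -> bool:
    """Network probe (assumed target): send CPing, report whether CPong came back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_cping())
        reply = sock.recv(5)
    return is_cpong(reply)


# Constructed reply bytes (assumption): what a Tomcat AJP connector returns
# for a CPing, used here so the parsing path runs offline.
CONSTRUCTED_CPONG = b"AB\x00\x01\x09"

if __name__ == "__main__":
    print("CPing on the wire:", build_cping().hex())
    print("constructed reply is CPong:", is_cpong(CONSTRUCTED_CPONG))
```

The probe is the same check an operator should run against their own perimeter: a CPong from an address other than the front web server means the AJP port is reachable by clients that were never meant to speak it, and AJP carries no authentication of its own, so the connector should be bound to localhost or a private interface and, on Tomcat versions that support it, protected with a shared secret.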
Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
Exploit for multiple platforms in category remote exploits ============================================================= Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability ============================================================= ScanAlert Security Advisory - http://www.scanalert.com...
Caucho Resin '/caucho-status' Accessible (HTTP)
The remote Caucho Resin installation is exposing the /caucho-status endpoint. SPDX-FileCopyrightText: 2003 StrongHoldNet Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2005-3164
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when...
JVN#79314822: Tomcat vulnerable in request processing
Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. The Apache Software Foundation currently does not support AJP 1.3 Connector, and recommends the use of Coyote JK Connector instead. It also recommends...
Resin Status Page Information Disclosure
Requesting the URI '/caucho-status' or '/server-status' gives information about the currently running Resin Java servlet container. %NASLMINLEVEL 70300 This script was written by Vincent Renardias Licence : GPL v2 Changes by Tenable: - Revised plugin title, family change 4/2/2009...
NewAtlanta ServletExec/ISAPI 4.1 - Full Path Disclosure
source: https://www.securityfocus.com/bid/4793/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI discloses the absolute path to the webroot directory when sent a specially formatted request...
Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web servers that use the Resin Java Servlet Container, versions 1.2.3 and earlier, are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidat...
Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability ========================================================================= Affected products: ================= Tomcat 3.2.1, 3.2.2-beta, 4.0-beta http://jakarta.apache.org/tomcat/ JRun 3.0...
CVE-2000-0965
The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allow an attacker to cause a denial of service (high CPU utilization)...
CVE-2000-1025
CVE-2000-1025 affects eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier. A remote attacker can cause a denial of service by requesting a URL containing the '/servlet/' path, which invokes the ServletExec servlet and triggers an exception if it is already running. Impact: partia...
CVE-2000-1025
eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running...
Unify eWave ServletExec 3.0 c - Denial of Service
Unify eWave ServletExec 3.0 c - Denial of Service source: https://www.securityfocus.com/bid/1868/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. eWave ServletExec is susceptible to a denial of...
CVE-2000-0774
The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root...