Lucene search
K

4 matches found

Prion
Prion
added 2009/06/16 9:0 p.m.33 views

Directory traversal

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct...

5CVSS6.5AI score0.18685EPSS
Exploits1References47Affected Software1
UbuntuCve
UbuntuCve
added 2009/03/09 12:0 a.m.38 views

CVE-2009-0781

Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, relat...

4.3CVSS6.4AI score0.09125EPSS
Exploits1References2
VMware
VMware
added 2009/02/23 12:0 a.m.40 views

VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27

a. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27Update for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposur...

5CVSS3AI score0.75865EPSS
Exploits5References4Affected Software3
Apache Tomcat
Apache Tomcat
added 2008/09/08 12:0 a.m.55 views

Fixed in Apache Tomcat 5.5.27

Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...

5CVSS7.5AI score0.75865EPSS
Exploits5Affected Software1
Rows per page
Query Builder