
155 matches found

CVE
added 2011/08/15 9:0 p.m., 88 views

CVE-2011-2481

CVE-2011-2481 affects Apache Tomcat 7.0.x prior to 7.0.17. A crafted application loaded earlier than the target can replace the XML parser used by other web applications, allowing local users to read or modify (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications. This vuln...

4.6 CVSS, 4.3 AI score, 0.0084 EPSS
Exploits: 2, References: 8, Affected Software: 1
securityvulns
added 2011/05/17 12:0 a.m., 84 views

[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass

CVE-2011-1582 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.12-7.0.13 - Earlier versions are not affected Description: An error in the fixes for...

5.8 CVSS, 0.3 AI score, 0.06453 EPSS
Exploits: 1
UbuntuCve
added 2011/04/08 3:17 p.m., 31 views

CVE-2011-1183

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...

5.8 CVSS, 5.9 AI score, 0.06156 EPSS
Exploits: 0, References: 1
Cvelist
added 2011/04/08 3:0 p.m., 34 views

CVE-2011-1183

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...

4.3 AI score, 0.06156 EPSS
Exploits: 0, References: 8
Tenable Nessus
added 2011/04/08 12:0 a.m., 1507 views

JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass

The version of JBoss Enterprise Application Platform EAP running on the remote host allows unauthenticated access to documents under the /jmx-console directory. This is due to a misconfiguration in web.xml which only requires authentication for GET and POST requests. Specifying a different verb...

5.3 CVSS, 6.7 AI score, 0.79415 EPSS
Exploits: 28, References: 6
Tenable Nessus
added 2010/07/16 12:0 a.m., 61 views

Apache Tomcat 5.5.x < 5.5.30

According to its self-reported version number, the Apache Tomcat server listening on the remote host is 5.5.x prior to 5.5.30. It is, therefore, affected by multiple vulnerabilities : - An error in the access restriction on a 'ServletContext' attribute which holds the location of the work directo...

6.4 CVSS, 6.2 AI score, 0.54779 EPSS
Exploits: 9, References: 7
Apache Tomcat
added 2010/07/09 12:0 a.m., 50 views

Fixed in Apache Tomcat 6.0.28

Important: Remote Denial Of Service and Information Disclosure Vulnerability CVE-2010-2227 Several flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail...

6.4 CVSS, 5.6 AI score, 0.54779 EPSS
Exploits: 2, Affected Software: 1
Tenable Nessus
added 2010/04/29 12:0 a.m., 97 views

JBoss Enterprise Application Platform '/web-console' Authentication Bypass

The version of JBoss Enterprise Application Platform EAP running on the remote host allows unauthenticated access to certain documents under the '/web-console' directory. This is due to a misconfiguration in 'web.xml' that only requires authentication for GET and POST requests. Specifying a...

7.5 CVSS, 8 AI score, 0.62308 EPSS
Exploits: 4, References: 5
seebug.org
added 2010/04/23 12:0 a.m., 66 views

Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability

No description provided by source. CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Tomcat 6.0.0 to 6.0.26 - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be...

2.6 CVSS, 5.1 AI score, 0.52507 EPSS
Exploits: 6
0day.today
added 2010/04/22 12:0 a.m., 33 views

Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure

Exploit for multiple platform in category remote exploits. Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability...

7.1 AI score, 0.52507 EPSS
Exploits: 6
exploitpack
added 2010/04/22 12:0 a.m., 105 views

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Tomcat 6.0.0 to 6.0.26 - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...

2.6 CVSS, 5 AI score, 0.52507 EPSS
Exploits: 6
FreeBSD
added 2010/04/22 12:0 a.m., 51 views

tomcat -- information disclosure vulnerability

The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...

2.6 CVSS, 6.2 AI score, 0.52507 EPSS
Exploits: 6, References: 1
RedHat Linux
added 2009/11/09 3:37 p.m., 4 views

tomcat XML parser information disclosure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 6.1 AI score, 0.00809 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2009/11/09 3:26 p.m., 5 views

tomcat XML parser information disclosure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 6.1 AI score, 0.00809 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2009/07/21 8:50 p.m., 1 views

tomcat XML parser information disclosure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 6.1 AI score, 0.00809 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2009/07/06 11:42 a.m., 1 views

tomcat XML parser information disclosure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 6.1 AI score, 0.00809 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2009/07/06 11:41 a.m., 1 views

tomcat XML parser information disclosure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 6.1 AI score, 0.00809 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2009/07/06 11:41 a.m., 3 views

tomcat XML parser information disclosure

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 6.1 AI score, 0.00809 EPSS
Exploits: 1, References: 4
securityvulns
added 2009/06/09 12:0 a.m., 110 views

[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and...

5 CVSS, 4.7 AI score, 0.18685 EPSS
Exploits: 1
UbuntuCve
added 2009/06/05 12:0 a.m., 30 views

CVE-2009-0783

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 6.4 AI score, 0.00809 EPSS
Exploits: 1, References: 2