Tomcat@5.0.19 Security Vulnerabilities and Issues — Tomcat@5.0.19 CVE List

Lucene search

ApacheTomcat5.0.19

15 matches found

CVE•added 2014/02/26 2:55 p.m.•894 views

CVE-2013-4590

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration...

4.3CVSS8.8AI score0.01173EPSS

CVE•added 2013/11/13 3:55 p.m.•756 views

CVE-2013-6357

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?...

6.8CVSS7AI score0.00603EPSS

CVE•added 2014/02/26 2:55 p.m.•719 views

CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-...

5.8CVSS9.3AI score0.8199EPSS

CVE•added 2014/02/26 2:55 p.m.•655 views

CVE-2013-4322

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial...

4.3CVSS9.1AI score0.67322EPSS

CVE•added 2005/07/05 4:0 a.m.•207 views

CVE-2005-2090

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat...

4.3CVSS3.6AI score0.8199EPSS

CVE•added 2007/05/10 12:19 a.m.•199 views

CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

2.6CVSS5.9AI score0.06282EPSS

CVE•added 2007/06/14 11:30 p.m.•136 views

CVE-2007-2449

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS7.1AI score0.89189EPSS

CVE•added 2009/11/12 11:30 p.m.•109 views

CVE-2009-3548

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

7.5CVSS7.8AI score0.88795EPSS

CVE•added 2007/05/10 12:19 a.m.•99 views

CVE-2006-7196

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unsp...

4.3CVSS5.5AI score0.76559EPSS

CVE•added 2007/08/14 10:17 p.m.•91 views

CVE-2007-3385

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

4.3CVSS5.3AI score0.69407EPSS

CVE•added 2007/08/14 10:17 p.m.•84 views

CVE-2007-3382

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

4.3CVSS7.3AI score0.86383EPSS

CVE•added 2009/04/09 3:8 p.m.•82 views

CVE-2008-5519

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST ...

2.6CVSS5.6AI score0.05777EPSS

CVE•added 2007/05/10 12:19 a.m.•79 views

CVE-2006-7195

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

4.3CVSS5.4AI score0.14095EPSS

CVE•added 2007/05/21 8:30 p.m.•77 views

CVE-2007-1355

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the ...

4.3CVSS8AI score0.78989EPSS

CVE•added 2007/06/14 11:30 p.m.•77 views

CVE-2007-2450

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web scri...

3.5CVSS6.6AI score0.00393EPSS