Tomcat@5.0.25 Security Vulnerabilities and Issues — Tomcat@5.0.25 CVE List

Lucene search

ApacheTomcat5.0.25

8 matches found

CVE•added 2007/05/10 12:19 a.m.•199 views

CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

2.6CVSS5.9AI score0.06282EPSS

CVE•added 2007/06/14 11:30 p.m.•136 views

CVE-2007-2449

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS7.1AI score0.83233EPSS

CVE•added 2007/05/10 12:19 a.m.•99 views

CVE-2006-7196

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unsp...

4.3CVSS5.5AI score0.77335EPSS

CVE•added 2007/08/14 10:17 p.m.•91 views

CVE-2007-3385

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

4.3CVSS5.3AI score0.69407EPSS

CVE•added 2007/08/14 10:17 p.m.•84 views

CVE-2007-3382

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

4.3CVSS7.3AI score0.86383EPSS

CVE•added 2007/05/10 12:19 a.m.•79 views

CVE-2006-7195

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

4.3CVSS5.4AI score0.14881EPSS

CVE•added 2007/05/21 8:30 p.m.•77 views

CVE-2007-1355

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the ...

4.3CVSS8AI score0.78989EPSS

CVE•added 2007/06/14 11:30 p.m.•77 views

CVE-2007-2450

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web scri...

3.5CVSS6.6AI score0.01012EPSS