Tomcat@5.5.15 Security Vulnerabilities and Issues — Tomcat@5.5.15 CVE List

Lucene search

ApacheTomcat5.5.15

10 matches found

cve•added 2007/05/10 12:19 a.m.•199 views

CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

2.6CVSS5.9AI score0.06282EPSS

cve•added 2007/06/14 11:30 p.m.•136 views

CVE-2007-2449

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS7.1AI score0.83233EPSS

cve•added 2007/05/10 12:19 a.m.•99 views

CVE-2006-7196

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unsp...

4.3CVSS5.5AI score0.77335EPSS

cve•added 2007/08/14 10:17 p.m.•91 views

CVE-2007-3385

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

4.3CVSS5.3AI score0.69407EPSS

cve•added 2007/08/14 10:17 p.m.•89 views

CVE-2007-3386

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

4.3CVSS6.8AI score0.46127EPSS

cve•added 2007/12/27 10:46 p.m.•87 views

CVE-2007-5342

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by chang...

6.4CVSS7.4AI score0.12423EPSS

cve•added 2007/08/14 10:17 p.m.•84 views

CVE-2007-3382

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

4.3CVSS7.3AI score0.86383EPSS

cve•added 2007/05/10 12:19 a.m.•79 views

CVE-2006-7195

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

4.3CVSS5.4AI score0.14881EPSS

cve•added 2007/06/14 11:30 p.m.•77 views

CVE-2007-2450

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web scri...

3.5CVSS6.6AI score0.01012EPSS

cve•added 2007/04/25 8:19 p.m.•61 views

CVE-2006-7197

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

7.8CVSS9.3AI score0.02482EPSS