Tomcat Security Vulnerabilities and Issues — Tomcat CVE List

Lucene search

ApacheTomcat

3 matches found

CVE•added 2010/01/28 8:30 p.m.•94 views

CVE-2009-2902

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

4.3CVSS5AI score0.1008EPSS

CVE•added 2010/01/28 8:30 p.m.•86 views

CVE-2009-2693

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

5.8CVSS5.1AI score0.15322EPSS

CVE•added 2010/01/28 8:30 p.m.•85 views

CVE-2009-2901

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

4.3CVSS5.7AI score0.06552EPSS