Lucene search

5 matches found

CVE
added 2004/09/01 4:00 a.m., 65 views

CVE-2002-0682

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

CVSS 7.5 | AI score 6.5 | EPSS 0.68706
CVE
added 2004/09/01 4:00 a.m., 62 views

CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

CVSS 7.5 | AI score 6.5 | EPSS 0.39379
CVE
added 2004/09/01 4:00 a.m., 59 views

CVE-2003-0043

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

CVSS 5 | AI score 6.3 | EPSS 0.02561
CVE
added 2004/09/01 4:00 a.m., 57 views

CVE-2002-1148

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

CVSS 5 | AI score 6.4 | EPSS 0.39379
CVE
added 2004/09/01 4:00 a.m., 56 views

CVE-2003-0045

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

CVSS 5 | AI score 6.6 | EPSS 0.0171