10 matches found

Added 2005/07/05 4:0 a.m. | 207 views

CVE-2005-2090

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat...

CVSS: 4.3 | AI score: 3.6 | EPSS: 0.8199

Added 2005/11/06 11:2 a.m. | 65 views

CVE-2005-3510

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

CVSS: 5 | AI score: 6.2 | EPSS: 0.20508

Added 2005/07/14 4:0 a.m. | 55 views

CVE-2002-2006

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

CVSS: 5 | AI score: 6.1 | EPSS: 0.32359

Added 2005/07/14 4:0 a.m. | 55 views

CVE-2002-2007

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or t...

CVSS: 5 | AI score: 6.3 | EPSS: 0.22609

Added 2005/05/02 4:0 a.m. | 54 views

CVE-2005-0808

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

CVSS: 5 | AI score: 6.6 | EPSS: 0.17541

Added 2005/10/06 10:2 a.m. | 53 views

CVE-2005-3164

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsu...

CVSS: 2.6 | AI score: 6 | EPSS: 0.03388

Added 2005/07/14 4:0 a.m. | 46 views

CVE-2002-2008

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.

CVSS: 5 | AI score: 6.4 | EPSS: 0.07149

Added 2005/06/28 4:0 a.m. | 42 views

CVE-2002-1895

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

CVSS: 5 | AI score: 7.1 | EPSS: 0.02785

Added 2005/07/14 4:0 a.m. | 41 views

CVE-2001-1563

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.0498

Added 2005/07/14 4:0 a.m. | 37 views

CVE-2002-2009

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3)

CVSS: 5 | AI score: 6.7 | EPSS: 0.0278