Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
tomcatApache TomcatTOMCAT:E676AE46560F7CF2AF55891ED52C5F15
HistoryJun 30, 2005 - 12:00 a.m.

Fixed in Apache Tomcat 6.0.11

2005-06-3000:00:00
Apache Tomcat
tomcat.apache.org
12

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON

Moderate: Cross-site scripting CVE-2007-1355

The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output.

Affects: 6.0.0-6.0.10

Important: Information disclosure CVE-2005-2090

Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers.

Affects: 6.0.0-6.0.10

CPENameOperatorVersion
apache tomcatge6.0.0
apache tomcatle6.0.10

Related

nessus 33
cve 3
cert 1
veracode 3
f5 2
github 2
tomcat 7
osv 2
openvas 20
packetstorm 1
securityvulns 4
freebsd 2
ubuntucve 2
prion 2
seebug 3
debiancve 1
redhat 8
vmware 2
fedora 7
centos 1
oraclelinux 1
ibm 2
altlinux 1
nessus
nessus
Apache Tomcat < 6.0.13 Multiple Vulnerabilities
2011-11-18 00:00:00
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
2011-11-18 00:00:00
Tomcat Sample App hello.jsp 'test' Parameter XSS
2007-05-21 00:00:00
cve
cve
CVE-2005-2090
2005-07-05 04:00:00
CVE-2007-1355
2007-05-21 20:30:00
CVE-2013-4286
2014-02-26 14:55:00
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
veracode
veracode
HTTP Request Smuggling
2018-11-13 06:55:19
Cross-Site Scripting (XSS)
2019-03-25 08:40:43
Request-smuggling Attacks
2019-01-15 08:59:20
f5
f5
K16828 : Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
github
github
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
tomcat
tomcat
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
2007-03-09 00:00:00
Fixed in Apache Tomcat 5.5.24, 5.0.SVN
2007-03-08 00:00:00
Fixed in Apache Tomcat 8.0.0-RC3
2013-09-23 00:00:00
osv
osv
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
openvas
openvas
Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
2015-04-15 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
packetstorm
packetstorm
CVE-2007-1355.txt
2007-05-22 00:00:00
securityvulns
securityvulns
[CVE-2007-1355] Tomcat documentation XSS vulnerabilities
2007-05-19 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-05-19 00:00:00
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 &#40;Information disclosure&#41;
2014-02-28 00:00:00
freebsd
freebsd
tomcat -- XSS vulnerability in sample applications
2007-05-19 00:00:00
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2007-1355
2007-05-21 00:00:00
CVE-2013-4286
2014-02-26 00:00:00
prion
prion
Cross site scripting
2007-05-21 20:30:00
Design/Logic Flaw
2014-02-26 14:55:00
seebug
seebug
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
Apache Tomcat不完整修复信息泄漏漏洞
2014-02-27 00:00:00
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
debiancve
debiancve
CVE-2013-4286
2014-02-26 14:55:00
redhat
redhat
(RHSA-2007:0360) Important: jbossas security update
2007-05-24 00:00:00
(RHSA-2007:0328) Important: tomcat security update
2007-05-24 00:00:00
(RHSA-2007:0327) Important: tomcat security update
2007-05-14 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
oraclelinux
oraclelinux
Important: tomcat security update
2007-06-26 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)
2018-06-15 07:01:06
Security Bulletin: Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
2018-06-17 04:55:05
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON
Related for TOMCAT:E676AE46560F7CF2AF55891ED52C5F15
nessus33cve3cert1veracode3f52github2tomcat7osv2openvas20packetstorm1securityvulns4freebsd2ubuntucve2prion2seebug3debiancve1redhat8vmware2fedora7centos1oraclelinux1ibm2altlinux1