CVE search results

101 – 109 of 109 results

Detailed view

Sort by:

CVE-2009-2693

Medium priority

Some fixes available 3 of 7

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5	—	—	—	—	—
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2008-5515

Medium priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5	—	—	—	—	—
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2009-0783

Medium priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2)...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5	—	—	—	—	—
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2009-0580

Low priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5	—	—	—	—	—
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2009-0033

Medium priority

Some fixes available 2 of 6

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a...

3 affected packages

tomcat5, tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5	—	—	—	—	—
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2009-0781

Low priority

Some fixes available 2 of 6

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers...

2 affected packages

tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2008-2938

Low priority

Some fixes available 2 of 4

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via...

2 affected packages

tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2008-2370

Low priority

Some fixes available 2 of 4

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to...

2 affected packages

tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

CVE-2008-1232

Medium priority

Some fixes available 2 of 4

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the...

2 affected packages

tomcat5.5, tomcat6

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
tomcat5.5	—	—	—	—	—
tomcat6	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports