|
121
|
-
4.3
|
MEDIUM
|
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers t…
|
CWE-189
Numeric Errors
|
CVE-2014-0099
|
cpe:2.3:a:apache:tomcat:8.0.3:* cpe:2.3:a:apache:tomcat:8.0.1:* cpe:2.3:a:apache:tomcat:8.0.0:rc5 cpe:2.3:a:ap…
|
|
6.0.39
|
|
|
2024-11-21 11:01
2014-05-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
-
4.3
|
MEDIUM
|
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0096
|
cpe:2.3:a:apache:tomcat:8.0.3:* cpe:2.3:a:apache:tomcat:8.0.1:* cpe:2.3:a:apache:tomcat:8.0.0:rc5 cpe:2.3:a:ap…
|
|
6.0.39
|
|
|
2024-11-21 11:01
2014-05-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
-
5.0
|
MEDIUM
|
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP req…
|
CWE-20
Improper Input Validation
|
CVE-2014-0095
|
cpe:2.3:a:apache:tomcat:8.0.3:* cpe:2.3:a:apache:tomcat:8.0.1:* cpe:2.3:a:apache:tomcat:8.0.0:rc5 cpe:2.3:a:ap…
|
|
|
|
|
2024-11-21 11:01
2014-05-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
-
5.0
|
MEDIUM
|
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remot…
|
CWE-189
Numeric Errors
|
CVE-2014-0075
|
cpe:2.3:a:apache:tomcat:8.0.3:* cpe:2.3:a:apache:tomcat:8.0.1:* cpe:2.3:a:apache:tomcat:8.0.0:rc5 cpe:2.3:a:ap…
|
|
6.0.39
|
|
|
2024-11-21 11:01
2014-05-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
-
7.5
|
HIGH
|
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0050
|
cpe:2.3:a:apache:tomcat:8.0.1:* cpe:2.3:a:apache:tomcat:8.0.0:rc5 cpe:2.3:a:apache:tomcat:8.0.0:rc2 cpe:2.3:a:…
|
|
|
|
|
2024-11-21 11:01
2014-04-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
-
4.3
|
MEDIUM
|
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote atta…
|
CWE-20
Improper Input Validation
|
CVE-2014-0033
|
cpe:2.3:a:apache:tomcat:6.0.37:* cpe:2.3:a:apache:tomcat:6.0.36:* cpe:2.3:a:apache:tomcat:6.0.35:* cpe:2.3:a:a…
|
|
|
|
|
2024-11-21 11:01
2014-02-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
-
4.3
|
MEDIUM
|
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a c…
|
CWE-200
Information Exposure
|
CVE-2013-4590
|
cpe:2.3:a:apache:tomcat:8.0.0:rc9 cpe:2.3:a:apache:tomcat:8.0.0:rc8 cpe:2.3:a:apache:tomcat:8.0.0:rc7 cpe:2.3:…
|
|
6.0.37
|
|
|
2024-11-21 10:55
2014-02-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
-
4.3
|
MEDIUM
|
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace charac…
|
CWE-20
Improper Input Validation
|
CVE-2013-4322
|
cpe:2.3:a:apache:tomcat:8.0.0:rc9 cpe:2.3:a:apache:tomcat:8.0.0:rc8 cpe:2.3:a:apache:tomcat:8.0.0:rc7 cpe:2.3:…
|
|
6.0.37
|
|
|
2024-11-21 10:55
2014-02-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
-
5.8
|
MEDIUM
|
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which al…
|
CWE-20
Improper Input Validation
|
CVE-2013-4286
|
cpe:2.3:a:apache:tomcat:8.0.0:rc2 cpe:2.3:a:apache:tomcat:8.0.0:rc1 cpe:2.3:a:apache:tomcat:7.0.4:beta cpe:2.3…
|
|
6.0.37
|
|
|
2024-11-21 10:55
2014-02-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
-
2.1
|
LOW
|
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor ha…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0346
|
cpe:2.3:a:apache:tomcat:7.0.9:* cpe:2.3:a:apache:tomcat:7.0.8:* cpe:2.3:a:apache:tomcat:7.0.7:* cpe:2.3:a:apac…
|
|
|
|
|
2024-11-21 10:47
2014-02-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|