CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 2CVE-2003-0866 – Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service
https://notcve.org/view.php?id=CVE-2003-0866
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. El paquete Catalina org.apache.catalina.connector.http en Tomcat 4.0.x a 4.0.3 permite a atacantes remotos causar una denegación de servicio mediante ciertas peticiones que no siguen el protocolo HTTP, lo que hace que Tomcat rechace peticiones subsiguientes. • https://www.exploit-db.com/exploits/23245 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://tomcat.apache.org/security-4.html http://www.debian.org/security/2003/dsa-395 http://www.securityfocus.com/bid/8824 http://www.vupen.com/english/advisories/2008/1979/references https://exchange.xforce.ibmcloud.com/vulnerabilities/1342 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2002-1567 – Apache Tomcat 4.1 - JSP Request Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1567
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat 4.1 permite a atacantes remotos ejecutar web script arbitrario y robar galletitas (cookies) mediante una URL con nuevas lineas codificadas seguidas por una petición a un fichero .jsp cuyo nombre contiene el script • https://www.exploit-db.com/exploits/21734 http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html http://tomcat.apache.org/security-4.html https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0045
https://notcve.org/view.php?id=CVE-2003-0045
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. Jakarta Tomcat antes de 3.3.1a en ciertos sistemas Windows puede permitir a atacantes remotos causar una denegación de servicio (cuelgue de hebras y consumición de recursos) mediante peticiones a una página JSP conteniendo un nombre de dispositivo MS-DOS, como aux.jsp. • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/12102 •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0043
https://notcve.org/view.php?id=CVE-2003-0043
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. Jakarta Tomcat anteriores a 3.3.1a, cuando se usa con JDK 1.3.1 o anteriores, usa privilegios que le han sido confiados cuando procesa el fichero web.xml, lo que podría permitir a atacantes remotos leer porciones de algunos ficheros mediante el fichero web.xml • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt http://www.ciac.org/ciac/bulletins/n-060.shtml http://www.debian.org/security/2003/dsa-246 http://www.securityfocus.com/advisories/5111 http://www.securityfocus.com/bid/6722 https://exchange.xforce.ibmcloud.com/vulnerabilities/11195 •
CVSS: 5.0EPSS: 13%CPEs: 9EXPL: 1CVE-2003-0042 – Apache Tomcat 3.x - Null Byte Directory / File Disclosure
https://notcve.org/view.php?id=CVE-2003-0042
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. Jakarta Tomcat antes de 3.3.1a, cuando se usa con JDK 1.3.1 o anterior, permite a atacantes remotos listar directorios incluso cuando un index.html u otro fichero presente mediante una URL conteniendo un carácter nulo. • https://www.exploit-db.com/exploits/22205 http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt http://marc.info/?l=bugtraq&m=104394568616290&w=2 http://secunia.com/advisories/7972 http://secunia.com/advisories/7977 http://www.ciac.org/ciac/bulletins/n-060.shtml http://www.debian.org/security/2003/dsa-246 http://www.securityfocus.com/advisories/5111 http://ww •