Page 12 of 57 results (0.005 seconds)

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2005-4838 – tomcat manager example DoS

https://notcve.org/view.php?id=CVE-2005-4838

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html http://marc.info/?l=tomcat-dev&m=110476790331536&w=2 http://marc.info/?l=tomcat-dev&m=110477195116951&w=2 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/13737 http://secunia.com/advisories/31493 http://securitytracker.com/id?1012793 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.oliverkarow.de/research/jakarta556_ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0

CVE-2005-3510 – tomcat DoS

https://notcve.org/view.php?id=CVE-2005-3510

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://secunia.com/advisories/17416 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://secunia.com/advisories/33668 http://securitytracker.com/id?1015147 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http: •