CVSS: 4.3EPSS: 97%CPEs: 2EXPL: 1CVE-2005-2090 – tomcat multiple content-length header poisioning
https://notcve.org/view.php?id=CVE-2005-2090
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2008/000003.html http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://secuni •
CVSS: 5.0EPSS: 83%CPEs: 11EXPL: 0CVE-2005-0808
https://notcve.org/view.php?id=CVE-2005-0808
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. • http://www.hitachi-support.com/security_e/vuls_e/HS05-006_e/index-e.html http://www.kb.cert.org/vuls/id/204710 http://www.kb.cert.org/vuls/id/JGEI-6A2LEF http://www.securityfocus.com/bid/12795 https://exchange.xforce.ibmcloud.com/vulnerabilities/19681 •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 2CVE-2003-0866 – Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service
https://notcve.org/view.php?id=CVE-2003-0866
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. El paquete Catalina org.apache.catalina.connector.http en Tomcat 4.0.x a 4.0.3 permite a atacantes remotos causar una denegación de servicio mediante ciertas peticiones que no siguen el protocolo HTTP, lo que hace que Tomcat rechace peticiones subsiguientes. • https://www.exploit-db.com/exploits/23245 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://tomcat.apache.org/security-4.html http://www.debian.org/security/2003/dsa-395 http://www.securityfocus.com/bid/8824 http://www.vupen.com/english/advisories/2008/1979/references https://exchange.xforce.ibmcloud.com/vulnerabilities/1342 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2002-1567 – Apache Tomcat 4.1 - JSP Request Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1567
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat 4.1 permite a atacantes remotos ejecutar web script arbitrario y robar galletitas (cookies) mediante una URL con nuevas lineas codificadas seguidas por una petición a un fichero .jsp cuyo nombre contiene el script • https://www.exploit-db.com/exploits/21734 http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html http://tomcat.apache.org/security-4.html https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0045
https://notcve.org/view.php?id=CVE-2003-0045
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. Jakarta Tomcat antes de 3.3.1a en ciertos sistemas Windows puede permitir a atacantes remotos causar una denegación de servicio (cuelgue de hebras y consumición de recursos) mediante peticiones a una página JSP conteniendo un nombre de dispositivo MS-DOS, como aux.jsp. • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/12102 •