CVE-2007-5461 – Apache Tomcat - WebDAV SSL Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versión 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versión 5.5.25 y 6.0.0 hasta la versión 6.0.14, bajo determinadas configuraciones, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una petición de escritura WebDAV que especifica una entidad con una etiqueta SYSTEM. • https://www.exploit-db.com/exploits/4552 https://www.exploit-db.com/exploits/4530 http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html http://issues.apache.org/jira/browse/GERONIMO-3549 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.opensuse.org/opensuse-s • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-4724
https://notcve.org/view.php?id=CVE-2007-4724
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cal2.jsp en la aplicación de ejemplos de calendario de Apache Tomcat 4.1.31 permite a atacantes remotos añadir eventos como usuarios de su elección mediante los parámetros time y description. • http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html http://osvdb.org/41029 http://securityreason.com/securityalert/3094 http://www.securityfocus.com/archive/1/478491/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2007-3386 – Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3386
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. La vulnerabilidad de tipo Cross-Site Scripting (XSS) en el Servlet Host Manager para Apache Tomcat versión 6.0.0 hasta 6.0.13 y versión 5.5.0 hasta 5.5.24, permite a los atacantes remotos inyectar script web y HTML arbitrario por medio de peticiones creadas, como se demuestra utilizando el parámetro alias para una acción html/add. Tomcat versions 5.5.0 to 5.5.24 and 6.0.0 to 6.0.13 suffer from a cross site scripting vulnerability in the host manager functionality. • https://www.exploit-db.com/exploits/30495 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://jvn.jp/jp/JVN%2359851336/index.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/36417 http://secunia.com/advisories/26465 http://secunia.com/advisories/26898 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-3385 – tomcat handling of cookie values
https://notcve.org/view.php?id=CVE-2007-3385
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. Apache Tomcat 6.0.0 hasta 6.0.13, 5.5.0 hasta 5.5.24, 5.0.0 hasta 5.0.30, 4.1.0 hasta 4.1.36, y 3.3 hasta 3.3.2 no trata adecuadamente la secuencia de caracteres \" en un valor de cookie, lo cual podría provocar que información sensible como los IDs de sesión sean filtradas a atacantes remotos, así como habilitar ataques de secuestro de sesión. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/26466 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-3382 – Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure
https://notcve.org/view.php?id=CVE-2007-3382
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. Apache Tomcat 6.0.0 hasta 6.0.13, 5.5.0 hasta 5.5.24, 5.0.0 hasta 5.0.30, 4.1.0 hasta 4.1.36, y 3.3 hasta 3.3.2 trata las comillas simples ("'") como delimitadores en las cookies, lo cual podría provocar que información sensible como los identificadores de sesión se filtre y permita a atacantes remotos llevar a cabo ataques de secuestro de sesión. • https://www.exploit-db.com/exploits/30496 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •