Page 30 of 168 results (0.006 seconds)

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. Jakarta Tomcat anteriores a 3.3.1a, cuando se usa con JDK 1.3.1 o anteriores, usa privilegios que le han sido confiados cuando procesa el fichero web.xml, lo que podría permitir a atacantes remotos leer porciones de algunos ficheros mediante el fichero web.xml • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt http://www.ciac.org/ciac/bulletins/n-060.shtml http://www.debian.org/security/2003/dsa-246 http://www.securityfocus.com/advisories/5111 http://www.securityfocus.com/bid/6722 https://exchange.xforce.ibmcloud.com/vulnerabilities/11195 •

CVSS: 5.0EPSS: 13%CPEs: 9EXPL: 1

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. Jakarta Tomcat antes de 3.3.1a, cuando se usa con JDK 1.3.1 o anterior, permite a atacantes remotos listar directorios incluso cuando un index.html u otro fichero presente mediante una URL conteniendo un carácter nulo. • https://www.exploit-db.com/exploits/22205 http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt http://marc.info/?l=bugtraq&m=104394568616290&w=2 http://secunia.com/advisories/7972 http://secunia.com/advisories/7977 http://www.ciac.org/ciac/bulletins/n-060.shtml http://www.debian.org/security/2003/dsa-246 http://www.securityfocus.com/advisories/5111 http://ww •

CVSS: 6.8EPSS: 92%CPEs: 10EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en las apliaciones ejemplos y ROOT web en Jakarta Tomcat 3.x a 3.3.1a permite a atacantes remotos ejecutar scripts web arbitrarios • http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt http://secunia.com/advisories/7972 http://www.ciac.org/ciac/bulletins/n-060.shtml http://www.debian.org/security/2003/dsa-246 http://www.osvdb.org/9203 http://www.osvdb.org/9204 http://www.securityfocus.com/advisories/5111 http://www.securityfocus.com/bid/6720 https://exchange.xforce.ibmcloud.com/vulnerabilities&# •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. Apache Tomcat 4.0.5 y anteriores, cuando usando el servlet invocador y el servlet por defecto, permite a atacantes remotos leer código fuente de ficheros del servidor o evadir ciertas protecciones, una variante de CAN-2002-1148 • http://issues.apache.org/bugzilla/show_bug.cgi?id=13365 http://marc.info/?l=bugtraq&m=103470282514938&w=2 http://marc.info/?l=tomcat-dev&m=103417249325526&w=2 http://www.debian.org/security/2003/dsa-225 http://www.redhat.com/support/errata/RHSA-2003-075.html http://www.redhat.com/support/errata/RHSA-2003-082.html http://www.securityfocus.com/bid/6562 https://exchange.xforce.ibmcloud.com/vulnerabilities/10376 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327 •

CVSS: 5.0EPSS: 1%CPEs: 14EXPL: 3

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. • https://www.exploit-db.com/exploits/21412 http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://tomcat.apache.org/security-4.html http://www.iss.net/security_center/static/8932.php http://www.securityfocus.com/bid/4575 http://www.vupen.com/english/advisories/2008/1979/references https://lists.apache.org/thread.html •