CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2007-3384
https://notcve.org/view.php?id=CVE-2007-3384
08 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en examples/servlet/CookieExample de Apache Tomcat 3.3 hasta 3.3.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los campos (1) Name o (2)... • http://osvdb.org/39035 •
CVSS: 6.1EPSS: 42%CPEs: 17EXPL: 0CVE-2007-3383
https://notcve.org/view.php?id=CVE-2007-3383
25 Jul 2007 — Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages. Vulnerabilidad de seuencia de comandos en sitios cruzados en SendMailServlet en los ejemplos de aplicaciones web (examples/jsp/mail/sendmail.jsp) en Apache Tomcat 4.0.0 hasta ... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html •
CVSS: 5.4EPSS: 0%CPEs: 88EXPL: 0CVE-2007-2450 – tomcat host manager XSS
https://notcve.org/view.php?id=CVE-2007-2450
14 Jun 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. Múltilples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en las aplicaciones web (1) Manager y (2) Host ... • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 89%CPEs: 73EXPL: 1CVE-2007-2449 – Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2449
14 Jun 2007 — Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ciertos ficheros J... • https://www.exploit-db.com/exploits/30189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 79%CPEs: 52EXPL: 2CVE-2007-1355 – Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1355
21 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicación ejemplo appdev/sample/web/hello.jsp en Tomcat 4.0.0 hasta la 4.0.6, 4.1.0 hast... • https://www.exploit-db.com/exploits/30052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 76%CPEs: 54EXPL: 1CVE-2006-7196 – Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-7196
09 May 2007 — Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el ejemplo de aplicación de calendario en Apache Tomcat versión 4.0.0 hasta 4.0.6, vers... • https://www.exploit-db.com/exploits/30563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.7EPSS: 56%CPEs: 9EXPL: 0CVE-2007-1358 – tomcat accept-language xss flaw
https://notcve.org/view.php?id=CVE-2007-1358
09 May 2007 — Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ciertas aplicaciones que usan Apache Tomcat 4.0.0 hasta 4.0.6 y 4.1.0 hasta 4.1.34 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante "... • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 43EXPL: 1CVE-2007-1858 – tomcat anonymous cipher issue
https://notcve.org/view.php?id=CVE-2007-1858
09 May 2007 — The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. La configuración de cifrado SSL por defecto en Apache Tomcat 4.1.28 hasta 4.1.31, 5.0.0 hasta 5.0.30, y 5.5.0 hasta 5.5.17 utiliza determinadas claves inseguras, incluyendo la clave anónima, lo cual permite a atacantes remotos ... • https://github.com/anthophilee/A2SV--SSL-VUL-Scan •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2005-4836
https://notcve.org/view.php?id=CVE-2005-4836
31 Dec 2005 — The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. • http://tomcat.apache.org/security-4.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 3CVE-2005-4703 – Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure
https://notcve.org/view.php?id=CVE-2005-4703
31 Dec 2005 — Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. • https://www.exploit-db.com/exploits/31551 •