CVSS: 6.1EPSS: 11%CPEs: 52EXPL: 2CVE-2007-1355 – Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1355
21 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicación ejemplo appdev/sample/web/hello.jsp en Tomcat 4.0.0 hasta la 4.0.6, 4.1.0 hast... • https://www.exploit-db.com/exploits/30052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 1CVE-2007-1858 – tomcat anonymous cipher issue
https://notcve.org/view.php?id=CVE-2007-1858
09 May 2007 — The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. La configuración de cifrado SSL por defecto en Apache Tomcat 4.1.28 hasta 4.1.31, 5.0.0 hasta 5.0.30, y 5.5.0 hasta 5.5.17 utiliza determinadas claves inseguras, incluyendo la clave anónima, lo cual permite a atacantes remotos ... • https://github.com/anthophilee/A2SV--SSL-VUL-Scan •
CVSS: 6.1EPSS: 95%CPEs: 54EXPL: 1CVE-2006-7196 – Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-7196
09 May 2007 — Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el ejemplo de aplicación de calendario en Apache Tomcat versión 4.0.0 hasta 4.0.6, vers... • https://www.exploit-db.com/exploits/30563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 37EXPL: 0CVE-2006-7195 – tomcat XSS in example webapps
https://notcve.org/view.php?id=CVE-2006-7195
09 May 2007 — Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en implicit-objects.jsp del Apache Tomcat 5.0.0 hasta el 5.0.30 y el 5.5.0 hasta la 5.5.17 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de ciertos valores en la cabecera. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 97%CPEs: 3EXPL: 1CVE-2007-0450 – Apache Tomcat 5.x/6.0.x - Directory Traversal
https://notcve.org/view.php?id=CVE-2007-0450
16 Mar 2007 — Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. Vulnerabilidad de salto de directorio en Apache HTTP Server y Tomcat 5.x anterior a 5.5... • https://www.exploit-db.com/exploits/29739 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 0CVE-2005-4838 – tomcat manager example DoS
https://notcve.org/view.php?id=CVE-2005-4838
31 Dec 2005 — Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 96%CPEs: 2EXPL: 1CVE-2005-2090 – tomcat multiple content-length header poisioning
https://notcve.org/view.php?id=CVE-2005-2090
30 Jun 2005 — Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." Apache Tomcat versions 8.0.0-RC1, 7.0.0 ... • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx •