Page 42 of 225 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2002-1394

https://notcve.org/view.php?id=CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. Apache Tomcat 4.0.5 y anteriores, cuando usando el servlet invocador y el servlet por defecto, permite a atacantes remotos leer código fuente de ficheros del servidor o evadir ciertas protecciones, una variante de CAN-2002-1148 • http://issues.apache.org/bugzilla/show_bug.cgi?id=13365 http://marc.info/?l=bugtraq&m=103470282514938&w=2 http://marc.info/?l=tomcat-dev&m=103417249325526&w=2 http://www.debian.org/security/2003/dsa-225 http://www.redhat.com/support/errata/RHSA-2003-075.html http://www.redhat.com/support/errata/RHSA-2003-082.html http://www.securityfocus.com/bid/6562 https://exchange.xforce.ibmcloud.com/vulnerabilities/10376 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327 •

CVSS: 5.0EPSS: 1%CPEs: 14EXPL: 3

CVE-2002-2006 – Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure

https://notcve.org/view.php?id=CVE-2002-2006

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. • https://www.exploit-db.com/exploits/21412 http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://tomcat.apache.org/security-4.html http://www.iss.net/security_center/static/8932.php http://www.securityfocus.com/bid/4575 http://www.vupen.com/english/advisories/2008/1979/references https://lists.apache.org/thread.html •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2002-2009

https://notcve.org/view.php?id=CVE-2002-2009

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. • http://tomcat.apache.org/security-4.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0286.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0297.html http://www.securityfocus.com/bid/4557 https://exchange.xforce.ibmcloud.com/vulnerabilities/42915 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.or •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

CVE-2002-1895

https://notcve.org/view.php?id=CVE-2002-1895

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0020.html http://tomcat.apache.org/security-4.html http://www.iss.net/security_center/static/10348.php https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2002-2008

https://notcve.org/view.php?id=CVE-2002-2008

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0225.html http://tomcat.apache.org/security-4.html http://www.iss.net/security_center/static/9394.php http://www.securityfocus.com/bid/5054 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev. •