CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2008-3271 – tomcat RemoteFilterValve Information disclosure
https://notcve.org/view.php?id=CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. Apache Tomcat 5.5.0 y 4.1.0 hasta la 4.1.31 permite a atacantes remotos eludir una restricción de dirección IP y obtener información sensible a través de una solicitud que se tramita simultáneamente con otra petición, pero en otro hilo, lo que lleva a una sobreescritura de una variable de instancia asociada con un "problema de sincronización" y con un fallo de seguridad en la implementación de los hilos, relacionada con RemoteFilterValve, RemoteAddrValve, y RemoteHostValve. • http://jvn.jp/en/jp/JVN30732239/index.html http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html http://secunia.com/advisories/32213 http://secunia.com/advisories/32234 http://secunia.com/advisories/32398 http://secunia.com/advisories/35684 http://securityreason.com/securityalert/4396 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.fujitsu.com/gl • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 97%CPEs: 3EXPL: 2CVE-2008-2938 – Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
https://notcve.org/view.php?id=CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. Una vulnerabilidad de salto de directorio (Directory Traversal) en Apache Tomcat versión 4.1.0 hasta 4.1.37, versión 5.5.0 hasta 5.5.26 y versión 6.0.0 hasta 6.0.16, cuando están habilitados allowLinking y UTF-8, permite a atacantes remotos leer archivos arbitrarios por medio de secuencias de salto de directorio (Directory Traversal) en el URI, una vulnerabilidad diferente a CVE-2008-2370. NOTA: las versiones anteriores a 6.0.18 se informaron afectadas, pero el aviso del proveedor enumera 6.0.16 como la última versión afectada. ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities. • https://www.exploit-db.com/exploits/6229 https://www.exploit-db.com/exploits/14489 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://secunia.com/advisories/31639 http://secunia.com/advisories/31865 http://secunia.com/advisories/31891 http://secunia.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 10%CPEs: 82EXPL: 2CVE-2008-2370 – Apache Tomcat 6.0.16 - 'RequestDispatcher' Information Disclosure
https://notcve.org/view.php?id=CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, cuando se utiliza RequestDispatcher, realiza una regularización de ruta antes de eliminar la cadena de consulta desde la URI, lo cual permite a atacantes remotos dirigir ataques de salto de directorio y leer archivos arbitrariamente mediante un .. (punto punto) en un parametro request. • https://www.exploit-db.com/exploits/32137 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/31379 http://secunia.com/advisories/31381 http://secunia.com/advisories/31639 http:/& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 2CVE-2008-1232 – Apache Tomcat 6.0.16 - 'HttpServletResponse.sendError()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de una cadena manipulada usada en el argumento message del método HttpServletResponse.sendError. • https://www.exploit-db.com/exploits/32138 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 15%CPEs: 3EXPL: 2CVE-2007-5333 – Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
https://notcve.org/view.php?id=CVE-2007-5333
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. Apache Tomcat 6.0.0 hasta 6.0.14, 5.5.0 hasta 5.5.25, 4.1.36 y 4.1.0 al no manejar adecuadamente secuencias (1) caracteres de dobles comillas (") o (2) secuencias de contrabarra codificadas %5C en un valor de cookie, podría provocar que información sensible como los IDs de sesión sean filtradas a atacantes remotos, así como habilitar ataques de secuestro de sesión. NOTA: este problema existe debido a una arreglo erroneo de CVE-2007-3385. • https://www.exploit-db.com/exploits/31130 http://jvn.jp/jp/JVN%2309470767/index.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/28878 http://secunia.com/advisories/28884 http://secunia.com/advisories/28915 http://se • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •