Page 6 of 34 results (0.013 seconds)

CVSS: 2.6EPSS: 72%CPEs: 9EXPL: 0

CVE-2007-1358 – tomcat accept-language xss flaw

https://notcve.org/view.php?id=CVE-2007-1358

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ciertas aplicaciones que usan Apache Tomcat 4.0.0 hasta 4.0.6 y 4.1.0 hasta 4.1.34 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante "cabeceras Accept-Language que no cumplen la RFC 2616" artesanales. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://jvn.jp/jp/JVN%2316535199/index.html http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://osvdb.org/34881 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/25721 http://secunia.com/advisories/26235 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 95%CPEs: 54EXPL: 1

CVE-2006-7196 – Apache Tomcat 5.5.15 - cal2.jsp Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-7196

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el ejemplo de aplicación de calendario en Apache Tomcat versión 4.0.0 hasta 4.0.6, versión 4.1.0 hasta 4.1.31, versión 5.0.0 hasta 5.0.30 y versión 5.5.0 hasta 5.5.15 permite a atacantes remotos inyectar script web o HTML arbitrarias por medio del parámetro time hacia el archivo cal2.jsp y posiblemente otros vectores no especificados. NOTA: esto puede estar relacionado con CVE-2006-0254.1. • https://www.exploit-db.com/exploits/30563 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://osvdb.org/34888 http://secunia.com/advisories/29242 http://secunia.com/advisories/33668 http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-4.html http://tomcat.apache • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2005-4838 – tomcat manager example DoS

https://notcve.org/view.php?id=CVE-2005-4838

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html http://marc.info/?l=tomcat-dev&m=110476790331536&w=2 http://marc.info/?l=tomcat-dev&m=110477195116951&w=2 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/13737 http://secunia.com/advisories/31493 http://securitytracker.com/id?1012793 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.oliverkarow.de/research/jakarta556_ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 2

CVE-2003-0866 – Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service

https://notcve.org/view.php?id=CVE-2003-0866

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. El paquete Catalina org.apache.catalina.connector.http en Tomcat 4.0.x a 4.0.3 permite a atacantes remotos causar una denegación de servicio mediante ciertas peticiones que no siguen el protocolo HTTP, lo que hace que Tomcat rechace peticiones subsiguientes. • https://www.exploit-db.com/exploits/23245 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 http://tomcat.apache.org/security-4.html http://www.debian.org/security/2003/dsa-395 http://www.securityfocus.com/bid/8824 http://www.vupen.com/english/advisories/2008/1979/references https://exchange.xforce.ibmcloud.com/vulnerabilities/1342 •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2002-1394

https://notcve.org/view.php?id=CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. Apache Tomcat 4.0.5 y anteriores, cuando usando el servlet invocador y el servlet por defecto, permite a atacantes remotos leer código fuente de ficheros del servidor o evadir ciertas protecciones, una variante de CAN-2002-1148 • http://issues.apache.org/bugzilla/show_bug.cgi?id=13365 http://marc.info/?l=bugtraq&m=103470282514938&w=2 http://marc.info/?l=tomcat-dev&m=103417249325526&w=2 http://www.debian.org/security/2003/dsa-225 http://www.redhat.com/support/errata/RHSA-2003-075.html http://www.redhat.com/support/errata/RHSA-2003-082.html http://www.securityfocus.com/bid/6562 https://exchange.xforce.ibmcloud.com/vulnerabilities/10376 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327 •