CVSS: 4.3EPSS: 32%CPEs: 65EXPL: 2CVE-2011-0013 – tomcat: XSS vulnerability in HTML Manager interface
https://notcve.org/view.php?id=CVE-2011-0013
05 Feb 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en la interfaz de HTML Manager en Apache Software Foundation Tomcat v7.0 antes de v7.0.6, v5.5 antes de v5.5.32 y v6.0 antes de v6.0.30 permiten a atacantes remotos inyecta... • https://packetstorm.news/files/id/98176 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 27EXPL: 0CVE-2010-4312 – Gentoo Linux Security Advisory 201206-24
https://notcve.org/view.php?id=CVE-2010-4312
26 Nov 2010 — The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. La configuración por defecto de Apache Tomcat v6.x no incluye la bandera HTTPOnly en un encabezado Set-Cookie, lo cual hace más fácil para los atacantes remotos secuestrar una sesión a traves del acceso mediante secuencias de comandos a una cookie. Multiple vulnerabilities were found in Apache Tomcat, the worst... • http://www.securityfocus.com/archive/1/514866/100/0/threaded • CWE-16: Configuration •
CVSS: 4.3EPSS: 24%CPEs: 20EXPL: 2CVE-2010-4172 – Apache Tomcat 7.0.4 - 'sort' / 'orderBy' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4172
23 Nov 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en la aplica... • https://www.exploit-db.com/exploits/35011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 64%CPEs: 55EXPL: 1CVE-2010-2227 – Apache Tomcat Transfer-Encoding Information Disclosure and DoS
https://notcve.org/view.php?id=CVE-2010-2227
10 Jul 2010 — Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." Apache Tomcat v5.5.0 hasta v5.5.29, v6.0.0 hasta v6.0.27 y v7.0.0 beta, no maneja apropiadamente una cabecera Transer-Encoding inválida, lo que permite a atacantes remotos causar una denegación de s... • https://packetstorm.news/files/id/180512 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •