CVSS: 4.3EPSS: 97%CPEs: 3EXPL: 2CVE-2008-2938 – Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
https://notcve.org/view.php?id=CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. Una vulnerabilidad de salto de directorio (Directory Traversal) en Apache Tomcat versión 4.1.0 hasta 4.1.37, versión 5.5.0 hasta 5.5.26 y versión 6.0.0 hasta 6.0.16, cuando están habilitados allowLinking y UTF-8, permite a atacantes remotos leer archivos arbitrarios por medio de secuencias de salto de directorio (Directory Traversal) en el URI, una vulnerabilidad diferente a CVE-2008-2370. NOTA: las versiones anteriores a 6.0.18 se informaron afectadas, pero el aviso del proveedor enumera 6.0.16 como la última versión afectada. ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities. • https://www.exploit-db.com/exploits/6229 https://www.exploit-db.com/exploits/14489 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://secunia.com/advisories/31639 http://secunia.com/advisories/31865 http://secunia.com/advisories/31891 http://secunia.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 10%CPEs: 82EXPL: 2CVE-2008-2370 – Apache Tomcat 6.0.16 - 'RequestDispatcher' Information Disclosure
https://notcve.org/view.php?id=CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, cuando se utiliza RequestDispatcher, realiza una regularización de ruta antes de eliminar la cadena de consulta desde la URI, lo cual permite a atacantes remotos dirigir ataques de salto de directorio y leer archivos arbitrariamente mediante un .. (punto punto) en un parametro request. • https://www.exploit-db.com/exploits/32137 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/31379 http://secunia.com/advisories/31381 http://secunia.com/advisories/31639 http:/& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 2CVE-2008-1232 – Apache Tomcat 6.0.16 - 'HttpServletResponse.sendError()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de una cadena manipulada usada en el argumento message del método HttpServletResponse.sendError. • https://www.exploit-db.com/exploits/32138 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 10%CPEs: 35EXPL: 0CVE-2008-1947 – Tomcat host manager xss - name field
https://notcve.org/view.php?id=CVE-2008-1947
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat v5.5.9 a la v5.5.26 y v6.0.0 a la v6.0.16, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro name (también conocido como el atributo hostname) al host-manager/html/add. Tomcat versions 5.5.9 through 5.5.26 and versions 6.0.0 through 6.0.16 suffer from a host-manager cross site scripting vulnerability. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://marc.info/?l=tomcat-user&m=121244319501278&w=2 http://secunia.com/advisories/30500 http://secunia.com/advisories/30592 http://secunia.com/advisories/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 3%CPEs: 31EXPL: 0CVE-2007-6286
https://notcve.org/view.php?id=CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. Apache Tomcat de 5.5.11 a 5.5.25 y de 6.0.0 a 6.0.15, cuando se utiliza el conector ARP nativo no maneja correctamente una petición vacía al puerto SSL, lo que permite a atacantes remotos disparar el manejo de "una copia duplicada de una de las peticiones recientes", como se demostró utilizando netcat para enviar la petición vacía. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/28878 http://secunia.com/advisories/28915 http://secunia.com/advisories/29711 http://secunia.com/advisories/30676 http://secunia.com/advisories/32222 http://secunia.com/advisories/37460 http://secunia.com/advisories/57126 http://security.gentoo.org/glsa& •