CVSS: 6.5EPSS: 3%CPEs: 44EXPL: 3CVE-2007-5461 – Apache Tomcat - WebDAV SSL Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-5461
15 Oct 2007 — Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versión 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versión 5.5.25 y 6.0.0 hasta la versión 6.0.14, bajo determinadas configuraciones, permite a usuar... • https://www.exploit-db.com/exploits/4552 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4724
https://notcve.org/view.php?id=CVE-2007-4724
05 Sep 2007 — Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cal2.jsp en la aplicación de ejemplos de calendario de Apache Tomcat 4.1.31 permite a atacantes remotos añadir eventos como usuarios de su elección mediante los parámetros time y description. • http://archives.neohapsis.com/archives/bugtraq/2007-09/0040.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 86%CPEs: 85EXPL: 1CVE-2007-3382 – Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure
https://notcve.org/view.php?id=CVE-2007-3382
14 Aug 2007 — Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. Apache Tomcat 6.0.0 hasta 6.0.13, 5.5.0 hasta 5.5.24, 5.0.0 hasta 5.0.30, 4.1.0 hasta 4.1.36, y 3.3 hasta 3.3.2 trata las comillas simples ("'") como delimitadores en las cookies, lo cual podría provocar que información se... • https://www.exploit-db.com/exploits/30496 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 46%CPEs: 39EXPL: 1CVE-2007-3386 – Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3386
14 Aug 2007 — Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. La vulnerabilidad de tipo Cross-Site Scripting (XSS) en el Servlet Host Manager para Apache Tomcat versión 6.0.0 hasta 6.0.13 y versión 5.5.0 hasta 5.5.24, permite a los atacantes remotos inyectar script web y HTML arbitrario por medio ... • https://www.exploit-db.com/exploits/30495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 69%CPEs: 85EXPL: 0CVE-2007-3385 – tomcat handling of cookie values
https://notcve.org/view.php?id=CVE-2007-3385
14 Aug 2007 — Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. Apache Tomcat 6.0.0 hasta 6.0.13, 5.5.0 hasta 5.5.24, 5.0.0 hasta 5.0.30, 4.1.0 hasta 4.1.36, y 3.3 hasta 3.3.2 no trata adecuadamente la secuencia de caracteres \" en un valor de cookie, lo cual podría provocar ... • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 2%CPEs: 4EXPL: 0CVE-2007-3384
https://notcve.org/view.php?id=CVE-2007-3384
08 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en examples/servlet/CookieExample de Apache Tomcat 3.3 hasta 3.3.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los campos (1) Name o (2)... • http://osvdb.org/39035 •
CVSS: 6.1EPSS: 42%CPEs: 17EXPL: 0CVE-2007-3383
https://notcve.org/view.php?id=CVE-2007-3383
25 Jul 2007 — Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages. Vulnerabilidad de seuencia de comandos en sitios cruzados en SendMailServlet en los ejemplos de aplicaciones web (examples/jsp/mail/sendmail.jsp) en Apache Tomcat 4.0.0 hasta ... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html •
CVSS: 5.4EPSS: 0%CPEs: 88EXPL: 0CVE-2007-2450 – tomcat host manager XSS
https://notcve.org/view.php?id=CVE-2007-2450
14 Jun 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. Múltilples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en las aplicaciones web (1) Manager y (2) Host ... • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 89%CPEs: 73EXPL: 1CVE-2007-2449 – Apache Tomcat 6.0.13 - JSP Example Web Applications Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2449
14 Jun 2007 — Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ciertos ficheros J... • https://www.exploit-db.com/exploits/30189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 79%CPEs: 52EXPL: 2CVE-2007-1355 – Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1355
21 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicación ejemplo appdev/sample/web/hello.jsp en Tomcat 4.0.0 hasta la 4.0.6, 4.1.0 hast... • https://www.exploit-db.com/exploits/30052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •