Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@4.1.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-14qy-gggs-aaaa
Aliases: CVE-2009-0783 GHSA-hhjg-g8xq-hhr3 |
CVE-2009-0783 tomcat XML parser information disclosure |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-1bxb-dc7f-aaad
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
CVE-2007-1355 tomcat XSS in samples |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-1um3-jpu8-aaaj
Aliases: CVE-2009-0033 GHSA-5cw4-ggx9-36vg |
CVE-2009-0033 tomcat6 Denial-Of-Service with AJP connection |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-22we-qr8x-aaad
Aliases: CVE-2008-2370 GHSA-m8h8-6rvg-f4mg |
CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-29jw-3gsy-aaad
Aliases: CVE-2002-0682 |
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. |
Affected by 0 other vulnerabilities. |
|
VCID-2a4u-vpgj-aaaa
Aliases: CVE-2008-2938 GHSA-m7xj-ccqc-p4g2 |
CVE-2008-2938 tomcat Unicode directory traversal vulnerability |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-3cn3-wbw7-aaaf
Aliases: CVE-2005-4838 |
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-3wz7-8vt8-aaam
Aliases: CVE-2002-1394 GHSA-8v5p-2cpv-c2x6 |
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. |
Affected by 0 other vulnerabilities. |
|
VCID-5p51-8u8j-aaaj
Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2 |
CVE-2007-2450 tomcat host manager XSS |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-5t6h-swmf-aaaj
Aliases: CVE-2002-1567 GHSA-86fp-jgwm-wgj5 |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script. |
Affected by 0 other vulnerabilities. |
|
VCID-8ev5-nn75-aaap
Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5 |
CVE-2007-0450 tomcat directory traversal |
Affected by 9 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-8ha5-3wkt-aaaa
Aliases: CVE-2007-5333 GHSA-cww4-vj5r-rx57 |
CVE-2007-5333 Improve cookie parsing for tomcat5 |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-8mnn-61dd-aaaj
Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v |
CVE-2007-1358 tomcat accept-language xss flaw |
Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8tsz-hrqv-aaar
Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj |
CVE-2007-3385 tomcat handling of cookie values |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-av1e-fm3v-aaag
Aliases: CVE-2002-0935 GHSA-xmf4-j3j7-xj7q |
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-chav-tp7d-aaam
Aliases: CVE-2008-5515 GHSA-9737-qmgc-hfr9 |
Directory Traversal in Apache Tomcat |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-chsg-486g-aaac
Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4 |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." |
Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-e2fg-fd5a-aaan
Aliases: CVE-2007-3383 GHSA-wjwr-3jch-479j |
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages. |
Affected by 4 other vulnerabilities. |
|
VCID-es7j-vwa1-aaar
Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr |
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-gte7-xda1-aaas
Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc |
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. |
Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-jts3-sumc-aaaq
Aliases: CVE-2008-0128 |
CVE-2008-0128 tomcat5 SSO cookie login information disclosure |
Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-mtv2-58p5-aaag
Aliases: CVE-2008-3271 |
CVE-2008-3271 tomcat RemoteFilterValve Information disclosure |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-ncxu-ua7h-aaab
Aliases: CVE-2002-1148 GHSA-jxcv-v856-j5vg |
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-npzp-axqb-aaaa
Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq |
CVE-2007-2449 tomcat examples jsp XSS |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-qdyv-j5zf-aaaq
Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw |
CVE-2007-3382 tomcat handling of cookies |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-u6b5-d1yp-aaah
Aliases: CVE-2009-0580 GHSA-w227-xcfx-3pj8 |
CVE-2009-0580 tomcat6 Information disclosure in authentication classes |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-ugfm-9gaz-aaab
Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq |
CVE-2006-3835 tomcat directory listing issue |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-vyaw-vkvq-aaas
Aliases: CVE-2005-3164 GHSA-qhqv-q4xg-f6g7 |
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. |
Affected by 4 other vulnerabilities. |
|
VCID-w2az-ahw2-aaah
Aliases: CVE-2008-1232 GHSA-q74x-qqhr-f8rx |
CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call |
Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-zpve-n9ex-aaak
Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98 |
CVE-2006-7196 tomcat XSS in example webapps |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-zte6-dz3c-aaan
Aliases: CVE-2009-0781 GHSA-j788-fx57-99wp |
CVE-2009-0781 tomcat: XSS in Apache Tomcat calendar application |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||