Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@5.0.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-17mt-cmdb-aaar
Aliases: CVE-2006-7195 GHSA-p57v-p3fx-qgwm |
CVE-2006-7195 tomcat XSS in example webapps |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-1bxb-dc7f-aaad
Aliases: CVE-2007-1355 GHSA-4c6x-gfc8-c26r |
CVE-2007-1355 tomcat XSS in samples |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-31ma-z76n-aaaa
Aliases: CVE-2007-1858 |
CVE-2007-1858 tomcat anonymous cipher issue |
Affected by 0 other vulnerabilities. |
|
VCID-3cn3-wbw7-aaaf
Aliases: CVE-2005-4838 |
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. |
Affected by 0 other vulnerabilities. |
|
VCID-49pd-2mxh-aaaq
Aliases: CVE-2011-3190 GHSA-c38m-v4m2-524v |
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-55ga-282t-aaah
Aliases: CVE-2009-3555 GHSA-f7w7-6pjc-wwm6 VC-OPENSSL-20091105-CVE-2009-3555 VU#120541 |
The renegotiation vulnerability in SSL protocol |
Affected by 5 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-5p51-8u8j-aaaj
Aliases: CVE-2007-2450 GHSA-5c5p-jxvx-x7j2 |
CVE-2007-2450 tomcat host manager XSS |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-8ev5-nn75-aaap
Aliases: CVE-2007-0450 GHSA-4prh-gqw8-rgh5 |
CVE-2007-0450 tomcat directory traversal |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-8mnn-61dd-aaaj
Aliases: CVE-2007-1358 GHSA-xmc9-6p56-3c4v |
CVE-2007-1358 tomcat accept-language xss flaw |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8tsz-hrqv-aaar
Aliases: CVE-2007-3385 GHSA-6j8f-66vh-39mj |
CVE-2007-3385 tomcat handling of cookie values |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-chsg-486g-aaac
Aliases: CVE-2005-2090 GHSA-f2gq-p6qv-ccw4 |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-es7j-vwa1-aaar
Aliases: CVE-2007-5461 GHSA-v5p2-vg3c-pmrr |
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV |
Affected by 4 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-gte7-xda1-aaas
Aliases: CVE-2005-3510 GHSA-8f4w-jwqv-5cxc |
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-jts3-sumc-aaaq
Aliases: CVE-2008-0128 |
CVE-2008-0128 tomcat5 SSO cookie login information disclosure |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-npzp-axqb-aaaa
Aliases: CVE-2007-2449 GHSA-hc39-rjwp-qffq |
CVE-2007-2449 tomcat examples jsp XSS |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-qdyv-j5zf-aaaq
Aliases: CVE-2007-3382 GHSA-qff8-g48j-pwpw |
CVE-2007-3382 tomcat handling of cookies |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-u6b5-d1yp-aaah
Aliases: CVE-2009-0580 GHSA-w227-xcfx-3pj8 |
CVE-2009-0580 tomcat6 Information disclosure in authentication classes |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-ugfm-9gaz-aaab
Aliases: CVE-2006-3835 GHSA-wfj7-mhr5-pcwq |
CVE-2006-3835 tomcat directory listing issue |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-zpve-n9ex-aaak
Aliases: CVE-2006-7196 GHSA-pm78-wxxf-fw98 |
CVE-2006-7196 tomcat XSS in example webapps |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||