Total
211 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0917 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. | |||||
CVE-2002-0936 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||||
CVE-2000-0760 | 1 Apache | 1 Tomcat | 2024-02-28 | 6.4 MEDIUM | N/A |
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. | |||||
CVE-2001-0590 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). | |||||
CVE-2001-1563 | 2 Apache, Hp | 2 Tomcat, Secure Os | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. | |||||
CVE-2002-2008 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message. | |||||
CVE-2002-1394 | 1 Apache | 1 Tomcat | 2024-02-28 | 7.5 HIGH | N/A |
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. | |||||
CVE-2003-0866 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. | |||||
CVE-2002-2006 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. | |||||
CVE-2002-1567 | 1 Apache | 1 Tomcat | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script. | |||||
CVE-2002-2009 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. |