Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tomcat
(Apache)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 209 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2001-11-22 | CVE-2001-0917 | Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. | Tomcat | N/A | ||
2002-07-23 | CVE-2002-0682 | Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. | Tomcat | N/A | ||
2002-08-12 | CVE-2002-0493 | Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. | Tomcat | N/A | ||
2002-10-04 | CVE-2002-0936 | The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | Tomcat | N/A | ||
2002-10-04 | CVE-2002-0935 | Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang. | Tomcat | N/A | ||
2002-10-11 | CVE-2002-1148 | The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | Tomcat | N/A | ||
2002-12-31 | CVE-2002-2006 | The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. | Tomcat | N/A | ||
2002-12-31 | CVE-2002-2009 | Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. | Tomcat | N/A | ||
2002-12-31 | CVE-2002-2008 | Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message. | Tomcat | N/A | ||
2002-12-31 | CVE-2002-1895 | The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. | Tomcat | N/A |