Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 262
CVE-2007-1358
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
CVE-2006-7195
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
CVE-2007-1858
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
CVE-2007-1858
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4 ...
CVE-2006-7195
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Ap ...
CVE-2007-1358
Cross-site scripting (XSS) vulnerability in certain applications using ...
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application e ...
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
CVE-2007-1858
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-1358 Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". | CVSS2: 2.6 | 40% Средний | больше 18 лет назад |
| CVE-2006-7195 Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. | CVSS2: 4.3 | 11% Средний | больше 18 лет назад |
| CVE-2007-1858 The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. | CVSS2: 2.6 | 3% Низкий | больше 18 лет назад |
| CVE-2006-7196 Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. | CVSS2: 4.3 | 79% Высокий | больше 18 лет назад |
| CVE-2007-1858 The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4 ... | CVSS2: 2.6 | 3% Низкий | больше 18 лет назад |
| CVE-2006-7195 Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Ap ... | CVSS2: 4.3 | 11% Средний | больше 18 лет назад |
| CVE-2007-1358 Cross-site scripting (XSS) vulnerability in certain applications using ... | CVSS2: 2.6 | 40% Средний | больше 18 лет назад |
| CVE-2006-7196 Cross-site scripting (XSS) vulnerability in the calendar application e ... | CVSS2: 4.3 | 79% Высокий | больше 18 лет назад |
 | CVE-2006-7196 Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. | CVSS2: 4.3 | 79% Высокий | больше 18 лет назад |
| CVE-2007-1858 The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. | CVSS2: 2.6 | 3% Низкий | больше 18 лет назад |
Уязвимостей на страницу