Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 092
CVE-2008-1232
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
CVE-2008-1947
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
CVE-2008-1947
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 throug ...
CVE-2008-1947
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
CVE-2008-1947
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
CVE-2007-5333
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
CVE-2008-0002
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
CVE-2007-5333
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 th ...
CVE-2008-0002
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2008-1232 Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. | 38% Средний | почти 17 лет назад | |
 | CVE-2008-1947 Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. | CVSS2: 4.3 | 49% Средний | около 17 лет назад |
| CVE-2008-1947 Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 throug ... | CVSS2: 4.3 | 49% Средний | около 17 лет назад |
 | CVE-2008-1947 Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. | CVSS2: 4.3 | 49% Средний | около 17 лет назад |
| CVE-2008-1947 Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. | 49% Средний | около 17 лет назад | |
| CVE-2007-5333 Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. | CVSS2: 5 | 80% Высокий | больше 17 лет назад |
| CVE-2008-0002 Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. | CVSS2: 5.8 | 4% Низкий | больше 17 лет назад |
| CVE-2007-6286 Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. | CVSS2: 4.3 | 12% Средний | больше 17 лет назад |
| CVE-2007-5333 Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 th ... | CVSS2: 5 | 80% Высокий | больше 17 лет назад |
| CVE-2008-0002 Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ... | CVSS2: 5.8 | 4% Низкий | больше 17 лет назад |
Уязвимостей на страницу