Apache Tomcat Sensitive Information Disclosure

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Jakarta Tomcat cross-site scripting (XSS) vulnerability

Apache Tomcat Denial of Service via Malformed Request Headers

Apache Tomcat vulnerable to Cross-site Scripting

Apache Tomcat allows webmasters to insert xss into error messages

Apache Tomcat Directory Traversal

Improper Authentication in Apache Tomcat

Apache Tomcat Vulnerable to Cross-Site Scripting

Improper Access Control in Apache Tomcat

Integer Overflow or Wraparound in Apache Tomcat

Apache Tomcat does not enforce the maxHttpHeaderSize limit

Improper Input Validation in Apache Tomcat

Access restriction bypass in Apache Tomcat

Exposure of Resource to Wrong Sphere in Apache Tomcat

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Improper Neutralization of Input During Web Page Generation in Apache Tomcat

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Apache Tomcat Denial of Service via invalid HTTP priority header

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat