apache/tomcat: The latest CVE Vulnerabilities and Exploits for Penetration Test

 

Page content

apache/tomcat Vulnerability Summary

  • Vendor name: apache
  • Product name: tomcat
  • Total vulnerabilities: 201 (as 2023-05-04)

apache/tomcat Vulnerability List

CVE-2022-23181: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache…

Published: 2022-01-27T13:15:00 Last Modified: 2022-02-02T17:04:00

Summary

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2022-23181 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-42340: The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11,…

Published: 2021-10-14T20:15:00 Last Modified: 2022-02-07T16:16:00

Summary

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Common Weakness Enumeration (CWE): CWE-772: Missing Release of Resource after Effective Lifetime

CWE Description: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-42340 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-41079: Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly…

Published: 2021-09-16T15:15:00 Last Modified: 2021-12-01T14:19:00

Summary

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-41079 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-30639: A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An…

Published: 2021-07-12T15:15:00 Last Modified: 2022-02-07T16:15:00

Summary

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.

Common Weakness Enumeration (CWE): CWE-755: Improper Handling of Exceptional Conditions

CWE Description: The software does not handle or incorrectly handles an exceptional condition.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30639 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-30640: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using…

Published: 2021-07-12T15:15:00 Last Modified: 2022-02-07T16:15:00

Summary

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-30640 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-33037: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse…

Published: 2021-07-12T15:15:00 Last Modified: 2022-02-07T16:16:00

Summary

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-33037 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-25122: When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0,…

Published: 2021-03-01T12:15:00 Last Modified: 2022-02-07T16:15:00

Summary

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A’s request.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-25122 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-25329: The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1…

Published: 2021-03-01T12:15:00 Last Modified: 2022-02-07T16:15:00

Summary

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2021-25329 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2021-24122: When serving resources from a network location using the NTFS file system, Apache Tomcat versions…

Published: 2021-01-14T15:15:00 Last Modified: 2021-07-20T23:15:00

Summary

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-24122 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-17527: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9,…

Published: 2020-12-03T19:15:00 Last Modified: 2022-02-07T16:15:00

Summary

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-17527 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-13943: If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or…

Published: 2020-10-12T14:15:00 Last Modified: 2021-06-14T18:15:00

Summary

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-13943 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-13935: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to…

Published: 2020-07-14T15:15:00 Last Modified: 2022-02-07T16:15:00

Summary

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-13935 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-13934: An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to…

Published: 2020-07-14T15:15:00 Last Modified: 2022-02-07T16:15:00

Summary

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Common Weakness Enumeration (CWE): CWE-401: Missing Release of Memory after Effective Lifetime

CWE Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-13934 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-8022: A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise…

Published: 2020-06-29T09:15:00 Last Modified: 2021-03-17T14:26:00

Summary

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-8022 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-11996: A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5,…

Published: 2020-06-26T17:15:00 Last Modified: 2021-07-21T11:39:00

Summary

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-11996 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-9484: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and…

Published: 2020-05-20T19:15:00 Last Modified: 2022-02-07T16:15:00

Summary

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=“null” (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2020-9484 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-1938: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections…

Published: 2020-02-24T22:15:00 Last Modified: 2021-07-21T11:39:00

Summary

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

Common Weakness Enumeration (CWE): CWE-269: Improper Privilege Management

CWE Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2020-1938 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2019-17569: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99…

Published: 2020-02-24T22:15:00 Last Modified: 2021-01-20T15:15:00

Summary

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-17569 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-1935: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing…

Published: 2020-02-24T22:15:00 Last Modified: 2021-05-04T19:19:00

Summary

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Common Weakness Enumeration (CWE): CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

CWE Description: When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1935 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2019-12418: When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the…

Published: 2019-12-23T18:15:00 Last Modified: 2021-07-21T11:39:00

Summary

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-12418 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2019-17563: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0…

Published: 2019-12-23T17:15:00 Last Modified: 2021-01-20T15:15:00

Summary

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

Common Weakness Enumeration (CWE): CWE-384: Session Fixation

CWE Description: Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-17563 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2019-10072: The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion…

Published: 2019-06-21T18:15:00 Last Modified: 2021-06-14T18:15:00

Summary

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

Common Weakness Enumeration (CWE): CWE-667: Improper Locking

CWE Description: The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-10072 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2019-0221: The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to…

Published: 2019-05-28T22:29:00 Last Modified: 2021-07-13T17:15:00

Summary

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2019-0221 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2019-0232: When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat…

Published: 2019-04-15T15:29:00 Last Modified: 2021-06-14T18:15:00

Summary

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange’s blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html ) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/) .

Common Weakness Enumeration (CWE): CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

CWE Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 8.6
  • CVSS: 9.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2019-0232 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2019-0199: The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted…

Published: 2019-04-10T15:29:00 Last Modified: 2019-05-28T21:29:00

Summary

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API’s blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-0199 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-11759: The Apache Web Server (httpd) specific code that normalised the requested path before matching it…

Published: 2018-10-31T20:29:00 Last Modified: 2019-04-15T16:31:00

Summary

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-11759 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-11784: When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23…

Published: 2018-10-04T13:29:00 Last Modified: 2021-07-13T17:15:00

Summary

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to ‘/foo/’ when the user requested ‘/foo’) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

Common Weakness Enumeration (CWE): CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)

CWE Description: A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2018-11784 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an…

Published: 2018-08-02T14:29:00 Last Modified: 2020-04-15T21:15:00

Summary

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1336 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered…

Published: 2018-08-02T14:29:00 Last Modified: 2019-04-15T16:31:00

Summary

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8037 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now…

Published: 2018-08-01T18:29:00 Last Modified: 2019-05-14T17:29:00

Summary

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation

CWE Description: The software does not validate, or incorrectly validates, a certificate.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8034 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-8019: When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not…

Published: 2018-07-31T13:29:00 Last Modified: 2020-02-03T12:15:00

Summary

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation

CWE Description: The software does not validate, or incorrectly validates, a certificate.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8019 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-8020: Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check…

Published: 2018-07-31T13:29:00 Last Modified: 2020-12-24T17:15:00

Summary

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation

CWE Description: The software does not validate, or incorrectly validates, a certificate.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8020 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-8014: The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to…

Published: 2018-05-16T16:29:00 Last Modified: 2019-10-03T00:03:00

Summary

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable ‘supportsCredentials’ for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.

Common Weakness Enumeration (CWE): CWE-1188: Insecure Default Initialization of Resource

CWE Description: The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-8014 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1323: The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that…

Published: 2018-03-12T16:29:00 Last Modified: 2019-04-15T16:31:00

Summary

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1323 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1304: The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly…

Published: 2018-02-28T20:29:00 Last Modified: 2019-10-03T00:03:00

Summary

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1304 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1305: Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0…

Published: 2018-02-23T23:29:00 Last Modified: 2019-10-03T00:03:00

Summary

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1305 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-15706: As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16…

Published: 2018-01-31T14:29:00 Last Modified: 2019-04-15T16:31:00

Summary

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

Common Weakness Enumeration (CWE): CWE-358: Improperly Implemented Security Check for Standard

CWE Description: The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-15706 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-15698: When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector…

Published: 2018-01-31T14:29:00 Last Modified: 2019-03-25T11:35:00

Summary

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.

Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation

CWE Description: The software does not validate, or incorrectly validates, a certificate.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-15698 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-12617: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and…

Published: 2017-10-04T01:29:00 Last Modified: 2019-04-23T19:29:00

Summary

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Common Weakness Enumeration (CWE): CWE-434: Unrestricted Upload of File with Dangerous Type

CWE Description: This can be resultant from client-side enforcement (CWE-602); some products will include web script in web clients to check the filename, without verifying on the server side.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2017-12617 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting…

Published: 2017-09-19T13:29:00 Last Modified: 2019-04-15T16:30:00

Summary

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Common Weakness Enumeration (CWE): CWE-434: Unrestricted Upload of File with Dangerous Type

CWE Description: This can be resultant from client-side enforcement (CWE-602); some products will include web script in web clients to check the filename, without verifying on the server side.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2017-12615 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass…

Published: 2017-09-19T13:29:00 Last Modified: 2019-04-15T16:30:00

Summary

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-12616 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-6796: A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,…

Published: 2017-08-11T02:29:00 Last Modified: 2021-10-20T11:15:00

Summary

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Common Weakness Enumeration (CWE): CWE-254: 7PK - Security Features

CWE Description: Software security is not security software. Here we’re concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6796 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-7674: The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and…

Published: 2017-08-11T02:29:00 Last Modified: 2019-04-15T16:31:00

Summary

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity

CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-7674 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-7675: The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a…

Published: 2017-08-11T02:29:00 Last Modified: 2019-06-12T17:29:00

Summary

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-7675 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-6797: The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,…

Published: 2017-08-10T22:29:00 Last Modified: 2021-10-20T11:15:00

Summary

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6797 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-6817: The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an…

Published: 2017-08-10T22:29:00 Last Modified: 2019-04-15T16:30:00

Summary

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6817 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-8745: A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat…

Published: 2017-08-10T22:29:00 Last Modified: 2019-04-15T16:30:00

Summary

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.

Common Weakness Enumeration (CWE): CWE-388: 7PK - Errors

CWE Description: This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur when an application does not properly handle errors that occur during processing. According to the authors of the Seven Pernicious Kingdoms, “Errors and error handling represent a class of API. Errors related to error handling are so common that they deserve a special kingdom of their own. As with ‘API Abuse,’ there are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle.”

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-8745 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-0762: The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,…

Published: 2017-08-10T16:29:00 Last Modified: 2021-10-20T11:15:00

Summary

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0762 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-5018: In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and…

Published: 2017-08-10T16:29:00 Last Modified: 2021-10-20T11:15:00

Summary

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Common Weakness Enumeration (CWE): CWE-254: 7PK - Security Features

CWE Description: Software security is not security software. Here we’re concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5018 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-6794: When a SecurityManager is configured, a web application’s ability to read system properties…

Published: 2017-08-10T16:29:00 Last Modified: 2021-10-20T11:15:00

Summary

When a SecurityManager is configured, a web application’s ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6794 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-5664: The error page mechanism of the Java Servlet Specification requires that, when an error occurs…

Published: 2017-06-06T14:29:00 Last Modified: 2019-10-03T00:03:00

Summary

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Common Weakness Enumeration (CWE): CWE-755: Improper Handling of Exceptional Conditions

CWE Description: The software does not handle or incorrectly handles an exceptional condition.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-5664 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-5650: In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY…

Published: 2017-04-17T16:59:00 Last Modified: 2019-10-03T00:03:00

Summary

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

Common Weakness Enumeration (CWE): CWE-404: Improper Resource Shutdown or Release

CWE Description: Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-5650 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-5648: While investigating bug 60718, it was noticed that some calls to application listeners in Apache…

Published: 2017-04-17T16:59:00 Last Modified: 2020-07-20T21:15:00

Summary

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Common Weakness Enumeration (CWE): CWE-668: Exposure of Resource to Wrong Sphere

CWE Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-5648 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-5647: A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to…

Published: 2017-04-17T16:59:00 Last Modified: 2019-04-15T16:31:00

Summary

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-5647 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-5651: In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP…

Published: 2017-04-17T16:59:00 Last Modified: 2019-10-03T00:03:00

Summary

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-5651 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-6808: Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.

Published: 2017-04-12T20:59:00 Last Modified: 2019-04-15T16:30:00

Summary

Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6808 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-8735: Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before…

Published: 2017-04-06T21:59:00 Last Modified: 2020-10-05T22:15:00

Summary

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn’t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-8735 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-9775: The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before…

Published: 2017-03-23T16:59:00 Last Modified: 2021-06-14T18:15:00

Summary

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-9775 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-9774: The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before…

Published: 2017-03-23T16:59:00 Last Modified: 2018-08-02T01:29:00

Summary

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-9774 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-6816: The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to…

Published: 2017-03-20T18:59:00 Last Modified: 2020-10-05T22:15:00

Summary

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2016-6816 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-8747: An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to…

Published: 2017-03-14T09:59:00 Last Modified: 2019-04-15T16:30:00

Summary

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-8747 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-5425: The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and…

Published: 2016-10-13T14:59:00 Last Modified: 2020-07-23T18:24:00

Summary

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions

CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2016-5425 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-6325: The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and…

Published: 2016-10-13T14:59:00 Last Modified: 2018-01-05T02:31:00

Summary

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-6325 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-1240: The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before…

Published: 2016-10-03T15:59:00 Last Modified: 2018-10-09T19:59:00

Summary

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2016-1240 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-5388: Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows…

Published: 2016-07-19T02:00:00 Last Modified: 2020-08-14T11:15:00

Summary

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. NOTE: the vendor states “A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388”; in other words, this is not a CVE ID for a vulnerability.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-5388 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-3092: The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x…

Published: 2016-07-04T22:59:00 Last Modified: 2021-07-17T08:15:00

Summary

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-3092 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-0706: Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2…

Published: 2016-02-25T01:59:00 Last Modified: 2019-04-15T16:30:00

Summary

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0706 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-0714: The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x…

Published: 2016-02-25T01:59:00 Last Modified: 2019-04-15T16:30:00

Summary

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0714 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-0763: The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache…

Published: 2016-02-25T01:59:00 Last Modified: 2019-03-21T15:59:00

Summary

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0763 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2015-5345: The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30,…

Published: 2016-02-25T01:59:00 Last Modified: 2019-04-15T16:30:00

Summary

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5345 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2015-5351: The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before…

Published: 2016-02-25T01:59:00 Last Modified: 2018-07-19T01:29:00

Summary

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5351 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x…

Published: 2016-02-25T01:59:00 Last Modified: 2019-04-15T16:30:00

Summary

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5174 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2015-5346: Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x…

Published: 2016-02-25T01:59:00 Last Modified: 2018-07-19T01:29:00

Summary

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5346 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0230: Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle…

Published: 2015-06-07T23:59:00 Last Modified: 2019-04-15T16:30:00

Summary

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0230 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-7810: The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before…

Published: 2015-06-07T23:59:00 Last Modified: 2019-04-15T16:30:00

Summary

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-7810 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-8111: Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous…

Published: 2015-04-21T17:59:00 Last Modified: 2019-04-15T16:30:00

Summary

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-8111 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0227: java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42,…

Published: 2015-02-16T00:59:00 Last Modified: 2019-04-15T16:29:00

Summary

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Common Weakness Enumeration (CWE): CWE-19: Data Processing Errors

CWE Description: Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0227 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-4444: Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations…

Published: 2014-09-12T01:55:00 Last Modified: 2021-01-07T00:15:00

Summary

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)

CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4444 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0095: java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows…

Published: 2014-05-31T11:17:00 Last Modified: 2017-11-15T02:29:00

Summary

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a “Content-Length: 0” AJP request to trigger a hang in request processing.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0095 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0075: Integer overflow in the parseChunkHeader function in…

Published: 2014-05-31T11:17:00 Last Modified: 2019-04-15T16:29:00

Summary

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0075 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0096: java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat…

Published: 2014-05-31T11:17:00 Last Modified: 2019-04-15T16:29:00

Summary

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0096 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0099: Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40,…

Published: 2014-05-31T11:17:00 Last Modified: 2019-04-15T16:29:00

Summary

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0099 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0119: Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain…

Published: 2014-05-31T11:17:00 Last Modified: 2019-04-15T16:29:00

Summary

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0119 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0050: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss…

Published: 2014-04-01T06:27:00 Last Modified: 2021-07-17T08:15:00

Summary

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop’s intended exit conditions.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2014-0050 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0033: org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not…

Published: 2014-02-26T14:55:00 Last Modified: 2019-04-15T16:29:00

Summary

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0033 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-4286: Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector…

Published: 2014-02-26T14:55:00 Last Modified: 2019-04-15T16:29:00

Summary

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request’s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a “Transfer-Encoding: chunked” header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4286 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-4322: Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked…

Published: 2014-02-26T14:55:00 Last Modified: 2019-04-15T16:29:00

Summary

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4322 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-4590: Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to…

Published: 2014-02-26T14:55:00 Last Modified: 2019-04-15T16:29:00

Summary

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain “Tomcat internals” information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-4590 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-0346: ** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its…

Published: 2014-02-15T14:57:00 Last Modified: 2014-02-18T19:40:00

Summary

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated “The tomcat log directory does not contain any sensitive information.”

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2013-0346 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-2185: ** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as…

Published: 2014-01-19T18:02:00 Last Modified: 2016-11-01T16:35:00

Summary

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-2185 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-6357: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in…

Published: 2013-11-13T15:55:00 Last Modified: 2013-11-14T17:45:00

Summary

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that “the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application … as they require a reckless system administrator.”

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2013-6357 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-2067: java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature…

Published: 2013-06-01T14:21:00 Last Modified: 2019-04-15T16:29:00

Summary

java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-2067 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2013-2071: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not…

Published: 2013-06-01T14:21:00 Last Modified: 2017-05-23T01:29:00

Summary

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-2071 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-3544: Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions…

Published: 2013-06-01T14:21:00 Last Modified: 2019-04-15T16:29:00

Summary

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-3544 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-3546: org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before…

Published: 2012-12-19T11:55:00 Last Modified: 2017-09-19T01:35:00

Summary

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-3546 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-4431: org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x…

Published: 2012-12-19T11:55:00 Last Modified: 2017-09-19T01:35:00

Summary

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-4431 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-4534: org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before…

Published: 2012-12-19T11:55:00 Last Modified: 2017-09-19T01:35:00

Summary

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-4534 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-5568: Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage)…

Published: 2012-11-30T19:55:00 Last Modified: 2021-01-11T18:10:00

Summary

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-5568 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-5885: The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation…

Published: 2012-11-17T19:55:00 Last Modified: 2017-09-19T01:35:00

Summary

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-5885 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-5887: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x…

Published: 2012-11-17T19:55:00 Last Modified: 2017-08-29T01:32:00

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-5887 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-5886: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x…

Published: 2012-11-17T19:55:00 Last Modified: 2017-08-29T01:32:00

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-5886 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-2733: java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache…

Published: 2012-11-16T21:55:00 Last Modified: 2017-09-19T01:34:00

Summary

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-2733 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2012-0022: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient…

Published: 2012-01-19T04:01:00 Last Modified: 2019-03-25T11:33:00

Summary

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-0022 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-3375: Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain…

Published: 2012-01-19T04:01:00 Last Modified: 2012-02-16T04:16:00

Summary

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-3375 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-1184: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x…

Published: 2012-01-14T21:55:00 Last Modified: 2019-03-25T11:33:00

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-1184 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-5063: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x…

Published: 2012-01-14T21:55:00 Last Modified: 2019-03-25T11:33:00

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-5063 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x…

Published: 2012-01-14T21:55:00 Last Modified: 2019-03-25T11:33:00

Summary

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-5062 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat…

Published: 2012-01-14T21:55:00 Last Modified: 2019-03-25T11:33:00

Summary

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-5064 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-4858: Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for…

Published: 2012-01-05T19:55:00 Last Modified: 2018-01-09T02:29:00

Summary

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2011-4858 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-3376: org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not…

Published: 2011-11-11T21:55:00 Last Modified: 2017-05-23T01:29:00

Summary

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application’s functionality.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2011-3376 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-3190: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0…

Published: 2011-08-31T23:55:00 Last Modified: 2019-03-25T11:33:00

Summary

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-3190 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-2481: Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for…

Published: 2011-08-15T21:55:00 Last Modified: 2017-05-23T01:29:00

Summary

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2011-2481 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-2729: native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache…

Published: 2011-08-15T21:55:00 Last Modified: 2019-03-25T11:33:00

Summary

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-2729 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-2526: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is…

Published: 2011-07-14T23:55:00 Last Modified: 2019-03-25T11:33:00

Summary

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.4
  • CVSS: 4.4
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2011-2526 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-2204: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the…

Published: 2011-06-29T17:55:00 Last Modified: 2019-03-25T11:33:00

Summary

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.4
  • CVSS: 1.9
  • CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2011-2204 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-1582: Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following…

Published: 2011-05-20T22:55:00 Last Modified: 2018-10-09T19:31:00

Summary

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-1582 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-1183: Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security…

Published: 2011-04-08T15:17:00 Last Modified: 2018-10-09T19:30:00

Summary

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-1183 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-1475: The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP…

Published: 2011-04-08T15:17:00 Last Modified: 2017-09-19T01:32:00

Summary

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to “a mix-up of responses for requests from different users.”

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-1475 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-1088: Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote…

Published: 2011-03-14T19:55:00 Last Modified: 2018-10-09T19:30:00

Summary

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-1088 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-1419: Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow…

Published: 2011-03-14T19:55:00 Last Modified: 2017-08-17T01:34:00

Summary

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-1419 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-0013: Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache…

Published: 2011-02-19T01:00:00 Last Modified: 2019-03-25T11:33:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-0013 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2011-0534: Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize…

Published: 2011-02-10T18:00:00 Last Modified: 2018-10-09T19:29:00

Summary

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-0534 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2010-3718: Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does…

Published: 2011-02-10T18:00:00 Last Modified: 2019-03-25T11:33:00

Summary

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 1.9
  • CVSS: 1.2
  • CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2010-3718 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2010-4172: Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat…

Published: 2010-11-26T20:00:00 Last Modified: 2018-10-10T20:07:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2010-4172 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

Published: 2010-11-26T20:00:00 Last Modified: 2018-10-10T20:08:00

Summary

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

Common Weakness Enumeration (CWE): CWE-16: Configuration

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2010-4312 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-2696: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the…

Published: 2010-08-05T18:17:00 Last Modified: 2016-10-27T14:50:00

Summary

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to “invalid HTML.” NOTE: this is due to a missing fix for CVE-2009-0781.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-2696 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2010-2227: Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle…

Published: 2010-07-13T17:30:00 Last Modified: 2019-03-25T11:32:00

Summary

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with “recycling of a buffer.”

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2010-2227 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2010-1157: Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to…

Published: 2010-04-23T14:30:00 Last Modified: 2019-03-25T11:32:00

Summary

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server’s hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2010-1157 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-2693: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20…

Published: 2010-01-28T20:30:00 Last Modified: 2019-03-25T11:30:00

Summary

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-2693 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-2902: Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20…

Published: 2010-01-28T20:30:00 Last Modified: 2019-03-25T11:31:00

Summary

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the …war filename.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-2902 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-2901: The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when…

Published: 2010-01-28T20:30:00 Last Modified: 2019-03-25T11:30:00

Summary

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-2901 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-3548: The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly…

Published: 2009-11-12T23:30:00 Last Modified: 2019-03-25T11:31:00

Summary

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.

Common Weakness Enumeration (CWE): CWE-255: Credentials Management Errors

CWE Description: Weaknesses in this category are related to the management of credentials.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2009-3548 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-5515: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly…

Published: 2009-06-16T21:00:00 Last Modified: 2019-03-25T11:30:00

Summary

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-5515 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-0033: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java…

Published: 2009-06-05T16:00:00 Last Modified: 2019-03-25T11:30:00

Summary

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-0033 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-0580: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM…

Published: 2009-06-05T16:00:00 Last Modified: 2019-03-25T11:30:00

Summary

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2009-0580 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-0783: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web…

Published: 2009-06-05T16:00:00 Last Modified: 2019-10-09T22:58:00

Summary

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2009-0783 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-5519: The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to…

Published: 2009-04-09T15:08:00 Last Modified: 2019-04-15T16:29:00

Summary

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol’s requirements for requests containing Content-Length headers.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-5519 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-0781: Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the…

Published: 2009-03-09T21:30:00 Last Modified: 2019-03-25T11:30:00

Summary

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to “invalid HTML.”

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-0781 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-4308: The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not…

Published: 2009-02-26T23:30:00 Last Modified: 2019-03-25T11:30:00

Summary

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-4308 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-3271: Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address…

Published: 2008-10-13T20:00:00 Last Modified: 2019-03-25T11:30:00

Summary

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a “synchronization problem” and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-3271 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-2938: Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26,…

Published: 2008-08-13T00:41:00 Last Modified: 2022-02-03T19:45:00

Summary

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2008-2938 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-1232: Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through…

Published: 2008-08-04T01:41:00 Last Modified: 2022-02-03T19:43:00

Summary

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2008-1232 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-2370: Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a…

Published: 2008-08-04T01:41:00 Last Modified: 2019-03-25T11:30:00

Summary

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2008-2370 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-1947: Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through…

Published: 2008-06-04T19:32:00 Last Modified: 2019-03-25T11:30:00

Summary

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-1947 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-0002: Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when…

Published: 2008-02-12T01:00:00 Last Modified: 2018-10-15T21:56:00

Summary

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-0002 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-5333: Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not…

Published: 2008-02-12T01:00:00 Last Modified: 2022-02-03T19:42:00

Summary

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2007-5333 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-6286: Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is…

Published: 2008-02-12T01:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of “a duplicate copy of one of the recent requests,” as demonstrated by using netcat to send the empty request.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-6286 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2008-0128: The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before…

Published: 2008-01-23T02:00:00 Last Modified: 2019-03-25T11:30:00

Summary

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Common Weakness Enumeration (CWE): CWE-16: Configuration

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2008-0128 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-5342: The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25…

Published: 2007-12-27T22:46:00 Last Modified: 2019-03-25T11:29:00

Summary

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Common Weakness Enumeration (CWE): CWE-264: Permissions, Privileges, and Access Controls

CWE Description: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-5342 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-5461: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0…

Published: 2007-10-15T18:17:00 Last Modified: 2019-03-25T11:29:00

Summary

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 6.8
  • CVSS: 3.5
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2007-5461 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-4724: Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application…

Published: 2007-09-05T19:17:00 Last Modified: 2018-10-15T21:37:00

Summary

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-4724 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-3385: Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to…

Published: 2007-08-14T22:17:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-3385 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-3382: Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to…

Published: 2007-08-14T22:17:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("’") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2007-3382 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-3386: Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to…

Published: 2007-08-14T22:17:00 Last Modified: 2018-10-16T16:48:00

Summary

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2007-3386 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-3384: Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache…

Published: 2007-08-08T01:17:00 Last Modified: 2018-10-16T16:48:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-3384 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-3383: Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application…

Published: 2007-07-25T17:30:00 Last Modified: 2019-03-25T11:29:00

Summary

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-3383 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-2449: Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web…

Published: 2007-06-14T23:30:00 Last Modified: 2019-03-25T11:29:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ‘;’ character, as demonstrated by a URI containing a “snp/snoop.jsp;” sequence.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2007-2449 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-2450: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web…

Published: 2007-06-14T23:30:00 Last Modified: 2019-03-25T11:29:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 6.8
  • CVSS: 3.5
  • CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-2450 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-1860: mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within…

Published: 2007-05-25T18:30:00 Last Modified: 2019-04-15T16:29:00

Summary

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-1860 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-1355: Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example…

Published: 2007-05-21T20:30:00 Last Modified: 2019-03-25T11:29:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2007-1355 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-1358: Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0…

Published: 2007-05-10T00:19:00 Last Modified: 2019-03-25T11:29:00

Summary

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted “Accept-Language headers that do not conform to RFC 2616”.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-1358 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-1858: The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through…

Published: 2007-05-10T00:19:00 Last Modified: 2019-03-25T11:29:00

Summary

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-1858 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2006-7195: Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through…

Published: 2007-05-10T00:19:00 Last Modified: 2018-10-16T16:29:00

Summary

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-7195 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2006-7196: Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat…

Published: 2007-05-10T00:19:00 Last Modified: 2019-03-25T11:29:00

Summary

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2006-7196 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2006-7197: The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a…

Published: 2007-04-25T20:19:00 Last Modified: 2019-04-15T16:29:00

Summary

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: COMPLETE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-7197 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-0450: Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x…

Published: 2007-03-16T22:19:00 Last Modified: 2019-04-15T16:29:00

Summary

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) “/” (slash), (2) “" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2007-0450 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2007-0774: Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c)…

Published: 2007-03-04T22:19:00 Last Modified: 2019-04-15T16:29:00

Summary

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on CVE-2007-0774 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2006-3835: Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;)…

Published: 2006-07-25T13:22:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2006-3835 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2005-4836: The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL…

Published: 2005-12-31T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: COMPLETE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-4836 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2005-4838: Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta…

Published: 2005-12-31T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-4838 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2005-4703: Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive…

Published: 2005-12-31T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2005-4703 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2005-3510: Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU…

Published: 2005-11-06T11:02:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3510 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2005-3164: The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in…

Published: 2005-10-06T10:02:00 Last Modified: 2022-02-03T19:39:00

Summary

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when “unsuitable request body data” is used for a different request, possibly related to Java Servlet pages.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 4.9
  • CVSS: 2.6
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3164 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2005-2090: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to…

Published: 2005-07-05T04:00:00 Last Modified: 2019-04-15T16:29:00

Summary

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a “Transfer-Encoding: chunked” header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka “HTTP Request Smuggling.”

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-2090 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2005-0808: Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash)…

Published: 2005-05-02T04:00:00 Last Modified: 2017-07-11T01:32:00

Summary

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0808 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2003-0866: The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote…

Published: 2003-11-17T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2003-0866 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-1567: Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute…

Published: 2003-10-06T04:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2002-1567 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2003-0045: Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a…

Published: 2003-02-07T05:00:00 Last Modified: 2017-10-10T01:30:00

Summary

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2003-0045 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2003-0043: Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when…

Published: 2003-02-07T05:00:00 Last Modified: 2017-10-10T01:30:00

Summary

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2003-0043 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2003-0042: Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to…

Published: 2003-02-07T05:00:00 Last Modified: 2017-07-11T01:29:00

Summary

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2003-0042 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2003-0044: Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web…

Published: 2003-02-07T05:00:00 Last Modified: 2017-07-11T01:29:00

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2003-0044 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-1394: Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet,…

Published: 2003-01-17T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2002-1394 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-2006: The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote…

Published: 2002-12-31T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2002-2006 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-2009: Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP…

Published: 2002-12-31T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2002-2009 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-1895: The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3…

Published: 2002-12-31T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2002-1895 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-2007: The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain…

Published: 2002-12-31T05:00:00 Last Modified: 2008-09-05T20:32:00

Summary

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 3)

Code designed for conducting penetration testing on CVE-2002-2007 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-2008: Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP…

Published: 2002-12-31T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2002-2008 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-2272: Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote…

Published: 2002-12-31T05:00:00 Last Modified: 2017-07-29T01:29:00

Summary

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2002-2272 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-1148: The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and…

Published: 2002-10-11T04:00:00 Last Modified: 2019-03-25T11:29:00

Summary

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2002-1148 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-0936: The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service…

Published: 2002-10-04T04:00:00 Last Modified: 2019-03-25T11:29:00

Summary

The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2002-0936 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-0935: Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to…

Published: 2002-10-04T04:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2002-0935 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-0493: Apache Tomcat may be started without proper security settings if errors are encountered while…

Published: 2002-08-12T04:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Common Weakness Enumeration (CWE): CWE-254: 7PK - Security Features

CWE Description: Software security is not security software. Here we’re concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2002-0493 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2002-0682: Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute…

Published: 2002-07-23T04:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2002-0682 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2000-1210: Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote…

Published: 2002-03-22T05:00:00 Last Modified: 2016-10-18T02:09:00

Summary

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2000-1210 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2001-1563: Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to…

Published: 2001-12-31T05:00:00 Last Modified: 2017-07-11T01:29:00

Summary

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2001-1563 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2001-0829: A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed…

Published: 2001-12-06T05:00:00 Last Modified: 2008-09-10T19:09:00

Summary

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2001-0829 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2001-0917: Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a…

Published: 2001-11-22T05:00:00 Last Modified: 2019-03-25T11:29:00

Summary

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2001-0917 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2001-0590: Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the…

Published: 2001-08-02T04:00:00 Last Modified: 2017-10-10T01:29:00

Summary

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary ‘jsp’ files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2001-0590 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2000-0760: The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information…

Published: 2000-10-20T04:00:00 Last Modified: 2008-09-05T20:21:00

Summary

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2000-0760 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2000-0759: Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests…

Published: 2000-10-20T04:00:00 Last Modified: 2008-09-05T20:21:00

Summary

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2000-0759 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2000-0672: The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which…

Published: 2000-07-20T04:00:00 Last Modified: 2017-10-10T01:29:00

Summary

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2000-0672 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache